108 research outputs found

    Commercial Anti-Smishing Tools and Their Comparative Effectiveness Against Modern Threats

    Smishing, also known as SMS phishing, is a type of fraudulent communication in which an attacker disguises SMS communications to deceive a target into providing their sensitive data. Smishing attacks use a variety of tactics; however, they have a similar goal of stealing money or personally identifying information (PII) from a victim. In response to these attacks, a wide variety of anti-smishing tools have been developed to block or filter these communications. Despite this, the number of phishing attacks continues to rise. In this paper, we developed a test bed for measuring the effectiveness of popular anti-smishing tools against fresh smishing attacks. To collect fresh smishing data, we introduce Smishtank.com, a collaborative online resource for reporting and collecting smishing data sets. The SMS messages were validated by a security expert and an in-depth qualitative analysis was performed on the collected messages to provide further insights. To compare tool effectiveness, we experimented with 20 smishing and benign messages across 3 key segments of the SMS messaging delivery ecosystem. Our results revealed significant room for improvement in all 3 areas against our smishing set. Most anti-phishing apps and bulk messaging services didn't filter smishing messages beyond the carrier blocking. The 2 apps that blocked the most smish also blocked 85-100% of benign messages. Finally, while carriers did not block any benign messages, they were only able to reach a 25-35% blocking rate for smishing messages. Our work provides insights into the performance of anti-smishing tools and the roles they play in the message blocking process. This paper would enable the research community and industry to be better informed on the current state of anti-smishing technology on the SMS platform.

    Classifying Swahili Smishing Attacks for Mobile Money Users: A Machine-Learning Approach

    This research article was published by IEEE Access 2022. Due to the massive adoption of mobile money in Sub-Saharan countries, the global transaction value of mobile money exceeded $2 billion in 2021. Projections show transaction values will exceed $3 billion by the end of 2022, and Sub-Saharan Africa contributes half of the daily transactions. SMS (Short Message Service) phishing cost corporations and individuals millions of dollars annually. Spammers use Smishing (SMS Phishing) messages to trick a mobile money user into sending electronic cash to an unintended mobile wallet. Though Smishing is an incarnation of phishing, they differ in the information available and attack strategy. As a result, detecting Smishing becomes difficult. Numerous models and techniques to detect Smishing attacks have been introduced for high-resource languages, yet few target low-resource languages such as Swahili. This study proposes a machine-learning based model to classify Swahili Smishing text messages targeting mobile money users. Experimental results show a hybrid model of Extratree classifier feature selection and Random Forest using TFIDF (Term Frequency Inverse Document Frequency) vectorization yields the best model with an accuracy score of 99.86%. Results are measured against a baseline Multinomial Naïve-Bayes model. In addition, comparison with a set of other classic classifiers is also done. The model returns the lowest false positive and false negative of 2 and 4, respectively, with a Log-Loss of 0.04. A Swahili dataset with 32259 messages is used for performance evaluation.

    Awareness and perception of phishing variants from Policing, Computing and Criminology students in Canterbury Christ Church University

    This study focuses on gauging awareness of different phishing communication students in the School of Law, Policing and Social Sciences and the School of Engineering, Technology and Design in Canterbury Christ Church University and their perception of different phishing variants. There is an exploration of the underlying factors in which students fall victim to different types of phishing attacks from questionnaires and a focus group. The students' perception of different types of phishing variants was varied from the focus group and anonymised questionnaires. A total of 177 respondents participated in anonymised questionnaires in the study. Students were asked a mixture of scenario-based questions on different phishing attacks, their awareness levels of security tools that can be used against some phishing variants, and if they received any phishing emails in the past. Additionally, 6 computing students in a focus group discussed different types of phishing attacks and recommended potential security countermeasures against them. The vulnerabilities and issues of anti-phishing software, firewalls, and internet browsers that have security toolbars are explained in the study against different types of phishing attacks. The focus group was with computing students and their knowledge about certain phishing variants was limited. The discussion within the focus group was gauging the computing students' understanding and awareness of phishing variants. The questionnaire data collection sample was with first year criminology and final year policing students which may have influenced the results of the questionnaire in terms of their understanding, security countermeasures, and how they identify certain phishing variants. The anonymised questionnaire awareness levels on different types of phishing fluctuated in terms of lack of awareness on certain phishing variants. Some criminology and policing students either did not know about phishing variants or had limited knowledge about different types of phishing communication, security countermeasures, the identifying features of a phishing message, and the precautions they should take against phishing variants from fraudsters.

    Students' computational thinking skills through a learning module based on Internet of Things technology

    students' computational thinking skills, towards being more creative and critical, through the use of the Internet of Things Technology-Based Learning Module (MP-IoT) developed by the researcher. The development of MP-IoT followed the ADDIE Model and involved Arduino technology applied in 5 hands-on learning activities. This quantitative, quasi-experimental study was conducted on 52 Form 4 students from 2 schools in the districts of Batu Pahat, Johor and Kuala Kangsar, Perak. The data were analysed descriptively and inferentially. A set of pre- and post-achievement tests was developed as the instrument. Item analysis of the Difficulty Index (IK), the Discrimination Index, and interpretation of the Cronbach's Alpha score were used to ensure the achievement test questions were suitable for use. In the process of developing the MP-IoT module, 6 Computer Science teachers were selected as experts to identify suitability in terms of the format, content and usability of the module developed. A five-point Likert scale was used in this study. Overall, the findings using a paired-samples t-test show a significant difference in the achievement level of control-group students exposed to the conventional method and treatment-group students exposed to the MPIoT module, with a p-value of .000, which is less than .05 (p<0.05). In addition, the students' level of computational thinking skills also increased after being exposed to the MP-IoT module.

    Emerging Mobile Phone-based Social Engineering Cyberattacks in the Zambian ICT Sector

    The number of registered SIM cards and active mobile phone subscribers in Zambia in 2020 surpassed the population of the country. This clearly shows that mobile phones in Zambia have become part of everyday life easing not only the way people communicate but also the way people perform financial transactions owing to the integration of mobile phone systems with financial payment systems. This development has not come without a cost. Cyberattackers, using various social engineering techniques have jumped onto the bandwagon to defraud unsuspecting users. Considering the aforesaid, this paper presents a high-order analytical approach towards mobile phone-based social engineering cyberattacks (phishing, SMishing, and Vishing) in Zambia which seek to defraud benign victims. This paper presents a baseline study to reiterate the problem at hand. Furthermore, we devise an attack model and an evaluation framework and ascertain the most prevalent types of attack. We also present a logistic regression analysis in the results section to conclude the most prevalent mobile phone-based type of social engineering attack. Based on the artifacts and observed insights, we suggest recommendations to mitigate these emergent social engineering cyberattacks

    Development of green skill elements in teaching and learning (PdP) for vocational college lecturers

    Green skill (kemahiran hijau) is a skill based on knowledge and competence that is an asset to every individual before exploring all fields of employment towards sustainable development. This qualitative study uses an exploratory method as the research design, with the aim of developing green skill elements in teaching and learning (PdP) for vocational college lecturers. In the first phase, the development phase, the researcher conducted interviews with three (3) lecturers who have expertise in the fields of PdP and Construction Technology. After the interview protocol was carried out, the information was themed through thematic analysis and then analysed through matrix analysis together with a systematic literature review to obtain the similarities and differences in the information. In the second phase, the validation phase, five (5) experts validated the format and content of the items produced. This phase involved twelve (12) experts consisting of lecturers with ten (10) or more years of experience as the main respondents. Using the Fuzzy Delphi technique as the data analysis procedure, the study data were analysed to obtain the mean values m1 (minimum value), m2 (most plausible value) and m3 (maximum value), followed by the threshold value 'd', the 75% expert group consensus and the Fuzzy Evaluation. In this study, only one (1) item, "using used paper for any assignment", from the green skill elements in assessment and assignments was rejected because of the value d≤0.2, namely 0.243, and the percentage of agreement did not reach >75%; however, the overall construct percentage for that element was accepted at 97.92% with a value of d = 0.126. Subsequently, the other items for all elements were accepted by the expert group to continue the study. In conclusion, green skill elements in PdP should be extended as a guideline in PdP for educators in the future.

    Behaviour Profiling for Transparent Authentication for Mobile Devices

    Since the first handheld cellular phone was introduced in 1970s, the mobile phone has changed significantly both in terms of popularity and functionality. With more than 4.6 billion subscribers around the world, it has become a ubiquitous device in our daily life. Apart from the traditional telephony and text messaging services, people are enjoying a much wider range of mobile services over a variety of network connections in the form of mobile applications. Although a number of security mechanisms such as authentication, antivirus, and firewall applications are available, it is still difficult to keep up with various mobile threats (i.e. service fraud, mobile malware and SMS phishing); hence, additional security measures should be taken into consideration. This paper proposes a novel behaviour-based profiling technique by using a mobile user's application usage to detect abnormal mobile activities. The experiment employed the MIT Reality dataset. For data processing purposes and also to maximise the number of participants, one month (24/10/2004-20/11/2004) of users' application usage with a total number of 44,529 log entries was extracted from the original dataset. It was further divided to form three subsets: two intra-application datasets compiled with telephone and message data; and an inter-application dataset containing the rest of the mobile applications. Based upon the experiment plan, a user's profile was built using either static and dynamic profiles and the best experimental results for the telephone, text message, and application-level applications were an EER (Equal Error Rate) of: 5.4%, 2.2% and 13.5% respectively. Whilst some users were difficult to classify, a significant proportion fell within the performance expectations of a behavioural biometric and therefore a behaviour profiling system on mobile devices is able to detect anomalies during the use of the mobile device. Incorporated within a wider authentication system, this biometric would enable transparent and continuous authentication of the user, thereby maximising user acceptance and security.

    CONTACTLESS PAYMENTS FRAUD DETECTION METHODS AND IS SOCIETY PREPARED TO RESIST: A CASE STUDY

    The ability to use contactless payment technologies, non-cash payments and credit card payments is becoming almost an essential requirement for consumers and merchants in today's economic conditions. Different market sectors are rapidly adapting to these technologies and looking for the most convenient, secure, and fastest possible solutions that combine intelligent data processing, security, and business management functions. Millions of debit and credit card holders care about secure payments, the businesses that receive these payments are secure in terms of security, and the operators that process such incoming and outgoing payments are interested in innovative solutions that set them apart from the competition. Amid the COVID-19 pandemic, when e-commerce was growing exponentially, the global market for fraud detection and prevention currently stands at USD 20.9 billion, and is expected to grow, until 2025 will rise to USD 38.2 billion by the end of the year; holds the market at 12.8% annually. The US remains the dominant region in this market segment, but European countries are also increasingly investing in fraud prevention and detection solutions, which are growing in demand in Europe due to an increase in cybercrime as well as advanced bots and cyber-attacks.