Smishing Detection: Combating SMS Phishing Attacks by Utilizing Machine-Learning Algorithms
Aqsa Shaikh1, Mariya Shaikh2, Srivaramangai R.3
1Aqsa Shaikh, Student, Department of Information Technology, University of Mumbai, Mumbai (Maharashtra), India.
2Mariya Shaikh, Student, Department of Information Technology, University of Mumbai, Mumbai (Maharashtra), India.
3Srivaramangai R., Head of the Department of Information Technology, University of Mumbai, Mumbai (Maharashtra), India.
Manuscript received on 15 February 2025 | First Revised Manuscript received on 18 February 2025 | Second Revised Manuscript received on 01 April 2025 | Manuscript Accepted on 15 April 2025 | Manuscript published on 30 April 2025 | PP: 28-33 | Volume-14 Issue-5, April 2025 | Retrieval Number: 100.1/ijitee.D106814040325 | DOI: 10.35940/ijitee.D1068.14050425
Open Access | Editorial and Publishing Policies | Cite | Zenodo | OJS | Indexing and Abstracting
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: With the rapid uptake of mobile communications, cybercriminals have increasingly resorted to using SMS (Short Message Services) in the guise of phishing attacks commonly referred to as smishing (SMS phishing). Phishing SMS messages impersonate trusted organizations to persuade users into clicking malicious links, providing personal credentials, or installing malware. This paper reviews the latest advancements in machine learning for smishing detection, drawing on insights from various studies on the subject. It examines critical machine learning models, including Deep Learning models (CNN, LSTM), Logistic Regression, Random Forest, Support Vector Machines (SVM), and Gradient Boosting, to classify messages as spam, phishing, or legitimate. It examines feature extraction techniques such as TFIDF, N-grams, and natural language processing (NLP) in the hope of improving detection accuracy. In this way, it also examines how cyber threat intelligence and real-world datasets, such as SpamAssassin, the UCI Machine Learning Repository, and PhishTank, can be utilised to develop robust models. The results show that ensemble learning and hybrid deep learning techniques are more effective at identifying objects than traditional methods, and they achieve this without increasing the number of false positives. Challenges such as adversarial SMS attacks, multilingual phishing messages, and limitations in real-time detection remain plausible. Future work needs to explore adaptability to real-time models, CTI-based threat analysis, and transparent AI (XAI) detection. Applying machine learning-driven smishing detection enhances the overall solution’s intelligent, automated approach and adaptive defence mechanisms against evolving mobile phone phishing threats, resulting in increased security for mobile devices and, consequently, their users.
Keywords: Cyber Threat Intelligence, Machine Learning, Smishing Detection, SMS Spam Classification, Convolutional Neural Network, Long Short Term Memory, Term Frequency Inverse Document Frequency, Optimal Feature Extraction Algorithm, Independent Recurrent Neural Network, Capsule Network, Random Fores.
Scope of the Article: Information and Data Security