Smishing Detection: Combating SMS Phishing Attacks by Utilizing Machine-Learning Algorithms
Aqsa Shaikh1, Mariya Shaikh2, Srivaramangai R.3
1Aqsa Shaikh, Student, Department of Information Technology, University of Mumbai, Mumbai (Maharashtra), India.
2Mariya Shaikh, Student, Department of Information Technology, University of Mumbai, Mumbai (Maharashtra), India.
3Srivaramangai R., Head of the Department of Information Technology, University of Mumbai, Mumbai (Maharashtra), India.
Manuscript received on 15 February 2025 | First Revised Manuscript received on 18 February 2025 | Second Revised Manuscript received on 01 April 2025 | Manuscript Accepted on 15 April 2025 | Manuscript published on 30 April 2025 | PP: 28-33 | Volume-14 Issue-5, April 2025 | Retrieval Number: 100.1/ijitee.D106814040325 | DOI: 10.35940/ijitee.D1068.14050425
Open Access | Editorial and Publishing Policies | Cite | Zenodo | OJS | Indexing and Abstracting
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: With the rapid uptake of mobile communications, cybercriminals have increasingly resorted to using SMS (Short Message Services) in the guise of phishing attacks commonly referred to as smishing (SMS phishing). Phishing SMS messages impersonate trusted organizations to persuade users into clicking malicious links, providing personal credentials, or installing malware. This paper reviews up-to-date advancements in machine learning for smishing detection, using insights derived from various studies on the subject. It looks into critical machine learning models such as Deep Learning models (CNN, LSTM), Logistic Regression, Random Forest, Support Vector Machines (SVM), and Gradient Boosting,) to classify messages as spam, phishing, or legitimate. It examines feature extraction techniques such as TF-IDF, N-grams, and natural language processing (NLP) in the hope of improving detection accuracy. In this way, it also looks at how cyber threat intelligence and real-world datasets such as SpamAssassin, the UCI Machine Learning Repository, and PhishTank can be used to build strong models. The results show that ensemble learning and hybrid deep learning techniques are better at finding things than traditional methods, and they do this without increasing the number of false positives. Challenges such as adversarial SMS attacks, multilingual phishing messages, and real-time detection limitations remain plausible. Future works need to look into adaptability to real-time models, CTI-based threat analysis, and understandable AI (XAI) detection transparency. Applying machine learning-driven smishing detection brings up the overall solution’s intelligent automated approach and adaptive defense mechanisms against mobile phone phishing threats evolving, resulting in increased security for mobiles and, hence, their users.
Keywords: Cyber Threat Intelligence, Machine Learning, Smishing Detection, SMS Spam Classification, Convolutional Neural Network, Long Short Term Memory, Term Frequency Inverse Document Frequency, Optimal Feature Extraction Algorithm, Independent Recurrent Neural Network, Capsule Network, Random Fores.
Scope of the Article: Information and Data Security