CYBERSECURITYStudy Sheds Light on Shady World of Text Message Phishing Scams

By Matt Shipman

Published 30 May 2024

Researchers have collected and analyzed an unprecedented amount of data on SMS phishing attacks, shedding light on both the scope and nature of SMS phishing operations.

Researchers have collected and analyzed an unprecedented amount of data on SMS phishing attacks, shedding light on both the scope and nature of SMS phishing operations. The work also outlines techniques that can be used to collect additional data on phishing activities, and identifies avenues that law enforcement officials can use to address phishing operations.

At issue is SMS phishing, which refers to attacks where scammers use text messages to try to trick people into sharing private information – such as credit card numbers or passwords – by impersonating a trusted party, such as a bank or government agency.

“In 2023 the world saw more phishing attacks than ever before, according to data from the Anti-Phishing Working Group,” says Alex Nahapetyan, first author of a paper on the study and a Ph.D. student at North Carolina State University.

“These attacks affect online security and privacy for consumers and can be extremely costly, but we have very little data on them,” Nahapetyan says. “That’s because telecommunications companies are concerned about customer privacy and are reluctant to comb through the private data shared via text messages.”

To get around this limitation, the researchers made use of SMS gateways, which are online websites that allow users to obtain disposable phone numbers. The researchers used SMS gateways to obtain a large number of disposable phone numbers. Because SMS phishing is now so widespread, they were able to simply wait for those disposable phone numbers to begin receiving phishing attacks.

Using this technique, the researchers monitored 2,011 phone numbers and identified 67,991 phishing messages over the course of 396 days.

Using text analysis, the researchers determined that those phishing messages could be divided into 35,128 unique campaigns – meaning that they were using virtually identical content. Further analysis found that those campaigns were associated with 600 distinct SMS phishing operations.

“For example, if we saw multiple campaigns that were directing targets to click on the same URL, those campaigns were part of the same operation,” Nahapetyan says. “By the same token, if we saw a single campaign that used multiple URLs, we were able to determine that those URLs were part of the same operation.”

Some of the findings were surprising. For example, the researchers found that SMS phishers are using mainstream servers, URL-shortening apps and web infrastructure to support their operations.