On SMS Phishing Tactics and Infrastructure
Aleksandr Nahapetyan, Sathvik Prasad, Kevin Childs, Adam Oest, Yeganeh Ladwig, Alexandros Kapravelos
IEEE Symposium on Security and Privacy 2024 · Day 1 · Continental Ballroom 4
SMS phishing, commonly known as **smishing**, is a pervasive and evolving social engineering threat. This presentation, delivered by Aleksandr Nahapetyan from NC State University, details a collaborative research effort with PayPal, published at IEEE S&P 2024, that sheds light on the tactics and underlying infrastructure used by SMS phishers. The talk addresses the need for a deeper understanding of smishing operations, which have consistently increased over the past four years, as reported by the Anti-Phishing Working Group (APWG).
AI review
This research introduces a highly novel methodology for understanding SMS phishing by leveraging public SMS gateways as a real-time data source. The detailed infrastructure analysis and discovery of attacker testing behaviors provide unprecedented visibility into smishing operations, offering critical, actionable intelligence for threat defenders and telcos.