What Drives SMiShing Susceptibility? A U.S. Interview Study of How and Why Mobile Phone Users Judge Text Messages to be Real or Fake

Authors: 

Sarah Tabassum, Cori Faklaris, and Heather Richter Lipford, University of North Carolina at Charlotte

Abstract: 

In today's digital world, SMS phishing, also known as SMiShing, poses a serious threat to mobile users. However, it is unclear whether existing research on phishing can be applied to SMiShing. Our study aims to fill this gap by conducting interviews with 29 mobile phone users in a major southeastern U.S. city. We collected data on participants' experiences with suspicious SMS, understanding the cues they pay attention to, how they verify and report such messages, and the role of prior training in distinguishing real messages from scams. We also collected data on how specific details and context make a legitimate SMS seem genuine. Our findings indicate that participants focus more on the content, format, and links in SMS rather than the sender's short code, phone number, or email address. We suggest design changes to enhance user awareness and resilience against SMS phishing. This research provides practical knowledge to mitigate cyber threats linked to SMiShing. To the best of our knowledge, this is the first interview study on SMiShing susceptibility.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {298894,
author = {Sarah Tabassum and Cori Faklaris and Heather Richter Lipford},
title = {What Drives {SMiShing} Susceptibility? A {U.S}. Interview Study of How and Why Mobile Phone Users Judge Text Messages to be Real or Fake},
booktitle = {Twentieth Symposium on Usable Privacy and Security (SOUPS 2024)},
year = {2024},
isbn = {978-1-939133-42-7},
address = {Philadelphia, PA},
pages = {393--411},
url = {https://www.usenix.org/conference/soups2024/presentation/tabassum-sarah},
publisher = {USENIX Association},
month = aug
}