My Phd student Sarah Tabassum is here with me at the Symposium on Usable Privacy and Security in Philadelphia, PA, USA, presenting our paper during Tuesday’s Mobile Security block: “What Drives SMiShing Susceptibility? A U.S. Interview Study of How and Why Mobile Phone Users Judge Text Messages to be Real or Fake.”
For this study, we interviewed 29 people (half students, half outside of campus) about how they make sense of the flood of strange messages received on their phones. Texts with links were commonly seen as “fake” (bad news for the political campaign trying to advertise a pre-primary rally!).
As an Apple user, I was surprised/pleased that Android owners get interface warnings of possible spam or scam texts (see pic). However, there’s no way to report messages. (iPhone has a “Report Junk” option, but no “Report Smish” button either.)
Our SPEX Lab group is now thinking about how to better support mobile users in making sense of these messages and learning how to spot the scam SMS-type texts (“smishing” = SMS + phishing).
Something to know – scammers often now will not send a fake link in the 1st text. Instead, they “soft sell”, building trust with a series of messages. Once you reply, THEN they text the link to steal your credentials – or, call and claim to be security investigating the text!
- Sarah Tabassum, Cori Faklaris, and Heather Richter Lipford. 2024. What Drives SMiShing Susceptibility? A U.S. Interview Study of How and Why Mobile Phone Users Judge Text Messages to be Real or Fake. In Proceedings of the 20th Symposium on Usable Privacy and Security. Retrieved June 25, 2024 from https://www.usenix.org/conference/soups2024/presentation/tabassum-sarah