‘What Drives SMiShing Susceptibility? A U.S. Interview Study of How and Why Mobile Phone Users Judge Text Messages to be Real or Fake’ – paper at SOUPS 2024

My Phd student Sarah Tabassum is here with me at the Symposium on Usable Privacy and Security in Philadelphia, PA, USA, presenting our paper during Tuesday’s Mobile Security block: “What Drives SMiShing Susceptibility? A U.S. Interview Study of How and Why Mobile Phone Users Judge Text Messages to be Real or Fake.”

For this study, we interviewed 29 people (half students, half outside of campus) about how they make sense of the flood of strange messages received on their phones. Texts with links were commonly seen as “fake” (bad news for the political campaign trying to advertise a pre-primary rally!).

As an Apple user, I was surprised/pleased that Android owners get interface warnings of possible spam or scam texts (see pic). However, there’s no way to report messages. (iPhone has a “Report Junk” option, but no “Report Smish” button either.)

Screenshot of an Android phone screen showing the notification of "Why this Looks Like Spam" for a text message that is claiming to be Chase bank.

Our SPEX Lab group is now thinking about how to better support mobile users in making sense of these messages and learning how to spot the scam SMS-type texts (“smishing” = SMS + phishing).

Something to know – scammers often now will not send a fake link in the 1st text. Instead, they “soft sell”, building trust with a series of messages. Once you reply, THEN they text the link to steal your credentials – or, call and claim to be security investigating the text!

  • Sarah Tabassum, Cori Faklaris, and Heather Richter Lipford. 2024. What Drives SMiShing Susceptibility? A U.S. Interview Study of How and Why Mobile Phone Users Judge Text Messages to be Real or Fake. In Proceedings of the 20th Symposium on Usable Privacy and Security. Retrieved June 25, 2024 from https://www.usenix.org/conference/soups2024/presentation/tabassum-sarah

Author: Cori

Cori Faklaris (aka "HeyCori") is an assistant professor at the University of North Carolina at Charlotte, Department of Software and Information Systems, College of Computing. Faklaris received her PhD in human-computer interaction in 2022 from Carnegie Mellon University's Human-Computer Interaction Institute, School of Computer Science, in Pittsburgh, PA, USA. She also is a social media expert and longtime journalist, and/or "Doer of Things No One Else Wants to Do."

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.