• Title/Summary/Keyword: SMS Phishing

Search Result 11, Processing Time 0.028 seconds

A Study on Damage and Countermeasures of SMS Phishing (스미싱의 피해와 대응방안에 관한 연구)

  • Kim, Jang Il;Lee, Heui Seok;Kim, Ji Ung;Jung, Yong-Gyu
    • Journal of Service Research and Studies
    • /
    • v.5 no.1
    • /
    • pp.71-78
    • /
    • 2015
  • Created, but the development of mobile devices to have a margin of life have appeared in the opposite forces that are considered to be the target of financial crime and attacks them. Financial crime among crimes that target the smartphone SMS phishing, phishing, pharming, phishing, etc. voice and, in particular, a phenomenon that is growing a lot of SMS phishing is by nature a text message to your mobile. Ye Jin proactive rather than post responses in order to be safe from the SMS phishing attack individuals and businesses, and asset protection is even more important in the country. For this, the SMS phishing attack detected in advance and that can block the development program, it is necessary to deploy.

Dynamic Evaluation Methods for SMS Phishing Blocking App Based on Detection Setup Function (감지설정기능을 적용한 스미싱 차단앱의 동적 평가방법에 관한 연구)

  • Kim, Jang Il;Kim, Myung Gwan;Kwon, Young Man;Jung, Yong Gyu
    • Journal of Service Research and Studies
    • /
    • v.5 no.2
    • /
    • pp.111-118
    • /
    • 2015
  • Although the development of mobile devices are made us a free life, they were displayed the subject of this financial crime and attacking forces in the other side. Among finance-related crime is become a serious crime that are targeting smartphones by SMS phishing, phishing, pharming, voice phishing etc. In particular, SMS phishing is increased according to phenomenon using the nature of a text message in the mobile. SMS phishing is become new crime due to the burden to the smartphone user. Their crime is also the advanced way from the existing fraud, such as making the malicious apps. Especially it generates loopholes in the law by a method such as using a foreign server. For safe from SMS phishing attacks, proactive pre-diagnosis is even more important rather than post responses. It is necessary to deploy blocking programs for detecting SMS phishing attacks in advance to do this. In this paper we are investigating the process of block types and block apps that are currently deployed and presenting the evaluation of the application of the detection block setting app.

Designing SMS Phishing Profiling Model (스미싱 범죄 프로파일링 모델 설계)

  • Jeong, Youngho;Lee, Kukheon;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.2
    • /
    • pp.293-302
    • /
    • 2015
  • With the attack information collected during SMS phishing investigation, this paper will propose SMS phishing profiling model applying criminal profiling. Law enforcement agencies have used signature analysis by apk file hash and analysis of C&C IP address inserted in the malware. However, recently law enforcement agencies are facing the challenges such as signature diversification or code obfuscation. In order to overcome these problems, this paper examined 169 criminal cases and found out that 89% of serial number in cert.rsa and 80% of permission file was reused in different cases. Therefore, the proposed SMS phishing profiling model is mainly based on signature serial number and permission file hash. In addition, this model complements the conventional file hash clustering method and uses code similarity verification to ensure reliability.

Design of SMS Phishing Detection Mechanism in Android Environment (안드로이드 환경에서 SMS 피싱 행위 탐지 기능 설계)

  • Ahn, Sung-Hwan;Min, Jae-Won;Park, Min-Woo;Chung, Tai-Myoung
    • Proceedings of the Korean Society of Computer Information Conference
    • /
    • 2013.01a
    • /
    • pp.67-70
    • /
    • 2013
  • 스마트폰 보급은 현대인들에게 시간적, 공간적 제약에서 벗어나 언제 어디서나 무선 인터넷을 사용하여 모바일 뱅킹, 결재, 증권거래 등 원하는 서비스를 이용할 수 있게 해주었다. 사용자들은 이를 이용하여 다양한 정보들을 검색, 저장, 이용한다. 그러나 무선 인터넷의 순기능과는 반대로 최근 모바일 기기의 보안취약점을 이용한 악성애플리케이션 및 각종 공격으로 사용자 개인정보탈취의 위협이 증가하고 있다. 사회공학공격의 일종인 피싱(Phishing)은 신뢰받는 기관을 사칭하여 만들어놓은 가짜사이트에 사용자로부터 자신의 개인정보 및 금융정보를 입력하게끔 유도하여 사용자정보를 탈취하는 방법으로 최근 SMS를 이용하여 정부 및 금융기관을 사칭한 문자를 보내 피싱사이트로 접속을 유도하는 피해사례가 증가하고 있다. 본 논문에서는 국내 피싱사이트의 유형을 분석하고 피싱사이트로 접근을 유도하는 방법 중 하나인 SMS를 이용한 피싱을 방지 할 수 있는 시스템을 고안한다.

  • PDF

The Design and Implementation of Messenger Authentication Protocol to Prevent Smartphone Phishing (스마트폰 피싱에 안전한 메신저 인증 프로토콜 설계 및 구현)

  • Yu, Byung-Seok;Yun, Sung-Hyun
    • Journal of the Korea Convergence Society
    • /
    • v.2 no.4
    • /
    • pp.9-14
    • /
    • 2011
  • Phishing is an attack to theft an user's identity by masquerading the user or the device. The number of phishing victims are sharply increased due to wide spread use of smart phones and messenger programs. Smart phones can operate various wi-fi based apps besides typical voice call and SMS functions. Generally, the messenger program such as Kakao Talk or Nate On is consisted of client and server functions. Thus, the authentication between the client and the server is essential to communicate securely. In this paper, we propose the messenger authentication protocol safe against smart phone phishing. To protect communications among clients, the proposed method provides message encryption and authentication functions.

A Scheme of Social Engineering Attacks and Countermeasures Using Big Data based Conversion Voice Phishing (빅데이터 기반의 융합 보이스피싱을 이용한사회공학적 공격 기법과 대응방안)

  • Kim, Jung-Hoon;Go, Jun-Young;Lee, Keun-Ho
    • Journal of the Korea Convergence Society
    • /
    • v.6 no.1
    • /
    • pp.85-91
    • /
    • 2015
  • Recently government has distributed precautionary measure and response procedures for smishing(SMS phishing), pharming, phishing, memory hacking and intensified Electronic Financial Transaction Act because of the sharp increase of electronic bank frauds. However, the methods of electronic bank frauds also developed and changed accordingly so much it becomes hard to cope with them. In contrast to earlier voice phishing targeted randomizing object, these new methods find out the personal information of targets and analyze them in detail making a big data base. And they are progressed into new kind of electronic bank frauds using those analyzed informations for voice phishing. This study analyze the attack method of voice phishing blended with the Big Data of personal informations and suggests response procedures for electronic bank frauds increasingly developed. Using the method to save meaningless data in a memory, attackers cannot deduct accurate information and try voice phishing properly even though they obtain personal information based on the Big Data. This study analyze newly developed social technologic attacks and suggests response procedures for them.

SHRT : New Method of URL Shortening including Relative Word of Target URL (SHRT : 유사 단어를 활용한 URL 단축 기법)

  • Yoon, Soojin;Park, Jeongeun;Choi, Changkuk;Kim, Seungjoo
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.38B no.6
    • /
    • pp.473-484
    • /
    • 2013
  • Shorten URL service is the method of using short URL instead of long URL, it redirect short url to long URL. While the users of microblog increased rapidly, as the creating and usage of shorten URL is convenient, shorten url became common under the limited length of writing on microblog. E-mail, SMS and books use shorten URL well, because of its simplicity. But, there is no relativeness between the most of shorten URLs and their target URLs, user can not expect the target URL. To cover this problem, there is attempts such as changing the shorten URL service name, inserting the information of website into shorten URL, and the usage of shortcode of physical address. However, each ones has the limits, so these are the trouble of automation, relatively long address, and the narrowness of applicable targets. SHRT is complementary to the attempts, as getting the idea from the writing system of Arabic. Though the writing system of Arabic has no vowel alphabet, Arabs have no difficult to understand their writing. This paper proposes SHRT, new method of URL Shortening. SHRT makes user guess the target URL using Relative word of the lowest domain of target URL without vowels.

Design and Implement of Anti-Smishing System based-on Android (안드로이드 기반 스미싱 방지 시스템 설계 및 구현)

  • Jang, Rae-Young;Bae, Jung-Min;Jung, Sung-Jae;Sung, Kyung;Soh, Woo-Young
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2013.10a
    • /
    • pp.790-793
    • /
    • 2013
  • Lastest Smishing is one of the hacking techniques target on the Android smartphone. Smishing using the SMS message is a new hacking techniques. smishing sends a message to the user included trojan address. It collects personal information and to control smartphones. In particular, without the user's knowledge of the retail payment service provider uses the service. It caused damage worth up to 300,000 won. It damage to users through different types of text messages. This paper Smishing typical methods and types are described in damages. This paper are described in damages and type by Smishing. This paper propose preventive and fundamental solution. We designed and implemented a anti-smishing system for android.

  • PDF

Implementation of A Mobile Application for Spam SMS Filtering Using Set-Based POI Search Algorithm (집합 기반 POI 검색 알고리즘을 활용한 스팸 메시지 판별 모바일 앱 구현)

  • Ahn, Hye-yeong;Cho, Wan-zee;Lee, Jong-woo
    • Journal of Digital Contents Society
    • /
    • v.16 no.5
    • /
    • pp.815-822
    • /
    • 2015
  • By the growing of SMS phishing victims, applications for processing spam messages are being released in succession. However most spam messages that cleverly modified the content like separating the consonants and vowels are fail to be filtered. In this paper, we implemented an application 'AntiSpam' which is able to identify spam strings in the text message to solve this problem. 'AntiSpam' searches spam strings in the text message by using set-based POI search algorithm, and then calculate the possibility of whether it is spam or not in accordance with the search results. In addition, it catches skillfully disguised spam messages in order to avoid missing the spam filtering. Users, who received a message, can check the result in spam message possibility decision result and the contents of the message and they can choose how to handling the message.

A Study for Influencing Factors of Organizational Performance: The Perspective of the Mediating Effect of Information Security Maturity Level (조직성과에 미치는 영향요인에 관한 연구: 정보보호 성숙도의 매개효과를 중심으로)

  • Park, Jeong Kuk;Kim, Injai
    • The Journal of Information Systems
    • /
    • v.23 no.3
    • /
    • pp.99-125
    • /
    • 2014
  • Internet environment and innovative ICT(information and communication technology) have brought about big changes to our lifestyle and industrial structure. In spite of the convenience of Internet, various cyber incidents such as malicious code infection, personal information leakage, smishing(sms + phishing), and pharming have frequently occurred. Information security must be recognized as a key and compulsory element for surviving in a global economy. Strategic roles of information security have recently been increasing, but effective implementation of information security is still a major challenge to organizations. Our study examines the influencing factors of information security and investigates the causal relationship between information security maturity level and organizational performance through an empirical survey. According to the results of our study, personal, organizational, technical, and social factors affect organizations's information security maturity level altogether. This result suggests that when dealing with security issues, the holistic and multi-disciplinary approaches should be required. In addition, there is a causal relationship between information security maturity level and organizational performance, and organizations aim to establish the efficient and effective ways to enhance information security maturity level on the basis of the results of this study.