
arxiv: 2604.11429 · v1 · submitted 2026-04-13 · 💻 cs.CR

Short Message Service (SMS) Phishing Attacks and Defenses: A Systematic Review

Pith reviewed 2026-05-10 15:37 UTC · model grok-4.3

classification 💻 cs.CR
keywords smishing · SMS phishing · systematic review · user susceptibility · attack characterization · defense mechanisms · phishing datasets · social engineering

The pith

SMS phishing research is organized into four pillars covering user behavior, attacks, defenses, and datasets.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

This paper fills a gap by delivering the first systematic review of SMS phishing, or smishing, which tricks users via text messages to steal data or spread malware. It organizes the literature around four pillars: how users perceive and respond to these attacks, how attacks are designed and executed, what defensive methods have been proposed, and which datasets support further study. The review notes rapid growth in smishing incidents and associated financial losses, along with the absence of any prior comprehensive overview that includes resources like datasets. By mapping the current landscape, the work identifies patterns in attacks and defenses while outlining directions for future research to reduce the threat.

Core claim

The authors systematize current smishing research efforts across four research pillars: (a) user perception and susceptibility, (b) attack characterization, (c) defense landscape, and (d) smishing datasets. They observe that no prior systematic review has captured the evolving attack and defense landscape together with available resources, and they propose novel future research directions for more effective mitigation of smishing attacks.

What carries the argument

The four research pillars used to categorize and analyze the smishing literature: user perception and susceptibility, attack characterization, defense landscape, and smishing datasets.

If this is right

  • Mapping user susceptibility highlights opportunities for more effective awareness and training programs.
  • Detailed attack characterization supports the creation of targeted detection rules and tools.
  • Review of the defense landscape identifies under-explored areas for new protective technologies.
  • Cataloging smishing datasets enables standardized testing and comparison of detection methods.
  • The suggested future directions provide a roadmap for addressing gaps in current mitigation approaches.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The pillar-based structure could be adapted to systematize research on other mobile social-engineering threats such as vishing.
  • Centralizing the identified datasets might accelerate development of shared benchmarks for machine-learning SMS classifiers.
  • Insights from user susceptibility could inform regulatory requirements for mobile carriers to implement better message filtering.
  • Testing the proposed future directions in controlled user studies would provide empirical validation of their priority.

Load-bearing premise

The existing literature on smishing is sufficiently mature and accessible to support a comprehensive and unbiased systematization across the four pillars without major omissions or selection biases.

What would settle it

Discovery of a substantial body of peer-reviewed smishing studies or datasets published within the review's time frame that were not included or do not align with any of the four pillars.

Figures

Figures reproduced from arXiv: 2604.11429 by Ashfak Md Shibli, Maraz Mia, Mir Mehedi A. Pritom, Muhammad Ismail, Seyed Mohammad Sanjari, Shouhuai Xu, S M Mostaq Hossain.

Figure 1: Scope of the present study.
  • User Perception and Susceptibility: This pertains to user behaviors, perceptions, and especially user susceptibilities when exposed to smishing threats.
  • Attack Characterization: This includes attack types, attack tactics, emerging threats, and PTs (psychological techniques).
  • Defense Landscape: This systematizes the strengths, weaknesses, and transparency of existing detec…
Figure 3: Count of overlapping papers and materials between different categories of smishing research. For example, papers that categorize attack characterization often propose detection methods and place them in both Attack Characterization and Defense Landscape. To capture this, we used a multi-label tagging approach. We assigned papers to multiple categories based on their substantial contributions to pillars, in…
Figure 2: Selected 119 papers, 23 legal documents, 16 online
Figure 4: PRISMA flowchart for systematic literature review of SMS phishing research
2.1.1. RQs Related to User Perception and Susceptibility
Understanding user perceptions and susceptibility are important to comprehend smishing threats. Hence, we propose the following three RQs to understand user’s perception and susceptibility when exposed to smishing attacks based on existing user-studies:
  • RQ-B1: How much susc…
Figure 5: Analysis of ethnicity in existing user studies (Timko et al.). to older age groups and exhibit much lower interaction rates in actual smishing tests (approx. 4.2% vulnerability). In contrast, adults over 45 express greater comfort with genuine messages, which corresponds with significantly higher vulnerability in practice (approx. 25%) for smishing messages as well. Finally, although detection skills in c…
Figure 6: Analysis of age-related patterns in existing user studies (Timko et al.). on diverse factors
Figure 7: Overview of SMS phishing threat landscapes
Figure 8: Mapping of PF classes, PFs and Corresponding PTs busyness, hurry, stress, workload, cognitive miser, authority, and fear.
[v] Decoy effect: refers to making users believe they are receiving a good deal. It exploits the following PFs: impulsivity, trust, affective commitment, scarcity, and freewheeling.
[vi] Loss aversion: means providing a free good or service to build the victim’s trust and attachment …
Figure 9: Evolution in smishing attack (upper boxes) and defense (lower boxes) strategies over the years users who do not use voice calls to verify the messages (Wang et al., 2024). There are other proposed methods that incorporate mobile applications for smishing detection by analyzing incoming messages for suspicious message contents, links, or sender information (Goel et al., 2024; Shinde et al., 2024; Chichwad…
Figure 10: Percentage of phone numbers and URLs inside spam/smish messages in UCI ML Repo (2011) and SmishTank (2024) datasets among all the mentioned studies. In the original dataset paper (Salman et al., 2024), the authors achieved the highest accuracy (97.8%) and F-1 score (99%) on the dataset by using a two-class SVM model. They also applied other deep learning models and obtained the best performance on the RoB…
Original abstract

SMS Phishing (also known as 'smishing') is a growing deceptive social engineering (SE) attack that leverages mobile SMS to conduct cybercrimes such as stealing sensitive information or spreading malware by tricking users into interacting with attackers' messages (e.g., responding to or clicking URLs). This threat has increased rapidly in recent years, causing $470M in financial losses for United States users in 2024 alone. This threat is also evolving rapidly, meaning that attackers continually adapt their tactics, reshaping the landscape. There is a significant body of literature on investigating smishing attacks and defenses. However, there is no systematic review that reflects the current attack and defense landscape along with available resources (i.e., relevant datasets). This motivates us to systematize the current smishing research efforts, including the following four research pillars: (a) user perception and susceptibility, (b) attack characterization, (c) defense landscape, and (d) smishing datasets. This leads us to propose novel future research directions towards effectively mitigating smishing attacks.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

0 major / 2 minor

Summary. The manuscript presents a systematic literature review on SMS phishing (smishing) attacks and defenses. It argues that no prior systematic review covers the current landscape and available resources, and thus organizes the review into four pillars: user perception and susceptibility, attack characterization, defense landscape, and smishing datasets. The review follows a standard methodology with search strings, databases, inclusion/exclusion criteria, and a PRISMA flow diagram, summarizes findings from selected studies, and proposes future research directions to mitigate smishing attacks.

Significance. If the review holds, it offers a valuable consolidation of smishing research, identifying gaps and resources that can accelerate progress in defending against this evolving threat, which caused $470M in US losses in 2024. The paper's strength lies in its transparent methodology, including a PRISMA-style flow, which supports reproducibility and allows for easy updates as the field evolves. This systematization is particularly useful given the rapid adaptation of attacker tactics.

minor comments (2)
  1. [Abstract] Abstract: The claim of no prior systematic review would be strengthened by a brief statement confirming that searches for existing reviews were conducted as part of the protocol.
  2. [Methodology] Methodology section: While the PRISMA-style flow is noted, including the exact search strings used and the number of papers screened at each stage in the main text or appendix would enhance full reproducibility.

Simulated Author's Rebuttal

0 responses · 0 unresolved

We thank the referee for their thorough and positive assessment of our manuscript, including the accurate summary of our contributions, the transparent PRISMA-based methodology, and the recommendation for minor revision. The referee correctly notes the value of systematizing smishing research across the four pillars and the importance of the $470M loss figure and evolving threat landscape. No specific major comments were raised in the report.

Circularity Check

0 steps flagged

No significant circularity identified

full rationale

This is a systematic literature review paper whose core activity is surveying and organizing external published studies across four pillars using explicit, reproducible search strings, database choices, and PRISMA-style inclusion criteria. No derivations, equations, fitted parameters, or predictions are present that could reduce outputs to inputs by construction. The motivating claim (absence of prior comprehensive reviews) is an external literature observation, not a self-referential definition or self-citation chain. All content is drawn from independent sources, making the work self-contained against external benchmarks with no load-bearing internal reductions.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

This is a literature review with no new mathematical derivations, empirical fits, or postulated entities; it rests on standard assumptions about literature search and categorization.

axioms (1)
  • domain assumption: The smishing research landscape can be adequately partitioned into the four pillars of user perception and susceptibility, attack characterization, defense landscape, and smishing datasets.
    Explicitly stated in the abstract as the organizing framework for the review.

pith-pipeline@v0.9.0 · 5510 in / 1226 out tokens · 52693 ms · 2026-05-10T15:37:50.401635+00:00 · methodology

