• Journal of Digital Convergence
• /
• v.15 no.4
• /
• pp.285-293
• /
• 2017

They are rapidly evolving malicious attacks on smart devices, and to timely protect the smart devices from these attacks has become a very important issue. In particular, smishing attack has emerged as one of the most important threats on the smartphone. In this paper, we propose the cloud service that can fundamentally protect the user from the risk of smishing attack. The proposed scheme provides cloud messaging service that can filter text messages including URLs in the user's smart device, view and manage them through a virtual machine provided by a cloud server. The existing techniques for preventing smshing attacks protect only malicious code of a known pattern and there is the possibility of error such as FP(False Positive) or FN(False Negative). However, since the proposed method automatically filters all text messages including URLs, storing, viewing, and managing them in their own storage space on the cloud server, it can completely block the installation of malwares(malicious codes) on the user's smart device through smishing attacks.

• Journal of Information Technology Services
• /
• v.15 no.2
• /
• pp.35-49
• /
• 2016

With the gradual development of IT technology, voice phishing victims are increasing in number. In the past when only voice phone calls were made, personal information or financial information were stolen mainly by a direct phone call, but recently, as smart phones are widely in use, it is evolving into a way such as smishing that leads an access to a site with malicious codes spreading out. Since it is easy to run away after committing a crime, and trace are rarely left in case of voice phishing, it is difficult to find out criminal. In addition, it is most likely that a victim be would be exposed to further damage from another voice phishing. Its technique is growing in kinds and turning more intelligent day by day; Therefore, its victims are increasing in number. Previous researches mainly focused the area of legal studies while the factors exposed to voice phishing have not been made. Therefore, this study has analyzed the motifs in which voice phishing is done to draw out its outcomes as follows. First, a victim comes to trust the criminal by the factors of favorability, rare message, and mutuality. Second, the more sophisticated the technique of a criminal, the more likely a victim is exposed to voice phishing.

• The Journal of Society for e-Business Studies
• /
• v.20 no.1
• /
• pp.1-22
• /
• 2015

Due to recent growth in IT industry along with the expansion of smartphone, we came to connect to the Internet wherever and whenever we are. However, this causes negative side effects, though. One of them is a rapid increase of the financial crimes such as the Phishing and the SMishing. There have been many on-going researches about crimes such as Phishing and SMishing to protect users. However, the study about sharing knowledge on SNS to prevent such a crime can be hardly found. Based on social identity theory, we conduct the research about factors on SNS users' intention to share the information security knowledge on SNS. As a result, we found that knowledge provision self-efficacy has a significant impact on self-expression. In addition, it also found out self-expression, awareness about information security and the sense of belonging have a significant impact respectively on the intention to share the information security knowledge on SNS. On the other hand, the altruism didn't have a significant impact to the intention to share information security knowledge on SNS. With this research as a starting point, it seems necessary to expand its range to all types of online community in the future for the generalization of the hypotheses.

• Review of KIISC
• /
• v.23 no.4
• /
• pp.73-81
• /
• 2013

최근 정보통신기술 분야의 최대 관심사는 스마트폰 분야이다. 이러한 흐름에 발맞추어 스마트폰에 관련된 다양한 기술이 점진적으로 발달하였고, 누구나 쉽게 스마트폰을 이용하여 증권 거래 및 인터넷 검색, 인터넷 뱅킹 등의 다양한 서비스를 이용하고 있다. 이렇게 우리 생활에 점차 밀접한 관계를 맺음에 따라 그와 관련된 신종 Phishing들이 등장하게 되어 피해가 속출하고 있다. 본 논문에서는 스마트폰 신종 Phishing이 쉽게 발생할 수 있는 개방형 OS 환경의 특징과 스마트폰 환경에 새롭게 등장한 Smishing의 정의와 피해사례, 그리고 QRishing의 정의를 기술한다. 또한, 신종 Phishing의 피해사례와 그에 대한 대응방안에 대해 기술한다.

• Journal of the Korea Convergence Society
• /
• v.6 no.1
• /
• pp.85-91
• /
• 2015

Recently government has distributed precautionary measure and response procedures for smishing(SMS phishing), pharming, phishing, memory hacking and intensified Electronic Financial Transaction Act because of the sharp increase of electronic bank frauds. However, the methods of electronic bank frauds also developed and changed accordingly so much it becomes hard to cope with them. In contrast to earlier voice phishing targeted randomizing object, these new methods find out the personal information of targets and analyze them in detail making a big data base. And they are progressed into new kind of electronic bank frauds using those analyzed informations for voice phishing. This study analyze the attack method of voice phishing blended with the Big Data of personal informations and suggests response procedures for electronic bank frauds increasingly developed. Using the method to save meaningless data in a memory, attackers cannot deduct accurate information and try voice phishing properly even though they obtain personal information based on the Big Data. This study analyze newly developed social technologic attacks and suggests response procedures for them.

• Journal of Industrial Convergence
• /
• v.19 no.6
• /
• pp.37-47
• /
• 2021

Today, people share information and communicate with others using various information and communication media such as e-mail, smartphones, SNS, etc. However, it is being used in malicious attacks to send a large amount of illegal spam or to use it for fraud by using illegally collected personal information and devices that are vulnerable to security. Illegal spam, smishing, and fraudulent mail(SCAM) cause a lot of direct and indirect damage to companies and users, including not only social costs such as mental fatigue, but also unnecessary consumption of IT infrastructure resources and economic losses. Although there are regulations related to spam, violators of the law are still on the rise by circumventing the law, and victims are constantly occurring, so it is necessary to review what the problem is. This study examined domestic and foreign spam-related regulations and spam-related response activities, identified problems, and suggested improvement countermeasures. Through this study, it was intended to suggest directions for improving spam-related systems in order to block illegal spam and prevent fraudulent damage.

• Journal of IKEEE
• /
• v.27 no.3
• /
• pp.213-219
• /
• 2023

According to statistics from the National Police Agency, smishing crimes using texts or messengers have increased dramatically since COVID-19. In addition, most of the cases of impersonation of public institutions reported to agency were related to vaccination and reward, and many methods were used to trick people into clicking on fake URLs (Uniform Resource Locators). When detecting them, URL-based detection methods cannot detect them properly if the information of the URL is hidden, and content-based detection methods are slow and use a lot of resources. In this paper, we propose a system for URL-based detection using transformer for regular URLs and content-based detection using XGBoost for shortened URLs through the process of determining shortened URLs using GRU(Gated Recurrent Units). The F1-Score of the proposed detection system was 94.86, and its average processing time was 5.4 seconds.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2014.11a
• /
• pp.399-402
• /
• 2014

본 논문에서는 스미싱 공격에 대해서 Host기반에 의한 탐지가 아닌 네트워크 기반에서 전자서명을 이용한 모델을 제안한다. 본 모델은 네트워크 기반에서 유입된 트래픽 중 문자 메시지를 분석하여, 문자메시지 중에서 URL이 포함된 경우 트래픽을 우회하여 라우팅을 전환시켜 URL을 포함한 문자메시지 트래픽에 대해서 별도의 망구간으로 분리를 시킨다. 별도 분리된 URL이 포함된 트래픽에 대해서 apk파일 다운로드가 없는 경우에는 통과를 시키고, apk 파일 다운로드를 시도하는 트래픽에 대해서는 전자서명을 검사후, 등록이 안되어 있는 경우 차단을 한다. 이는 기본적으로 전자서명이 되지 않은 apk파일에 대한 다운로드를 원천적으로 봉쇄함으로써 스미싱 공격에 대한 근복적인 방어를 하는 방식이다. 본 모델은 Host기반에서 발생할 수 있는 우회공격을 방지하여 스미싱 위협을 해소할 수 있다. 기존 Host기반 스미싱 방지 모델의 동작 방식과 설계를 통해 장점과 단점을 언급하고 네트워크 기반에서 전자서명을 이용한 스미싱 방어의 타당성을 증명하도록 한다.

• Annual Conference on Human and Language Technology
• /
• 2021.10a
• /
• pp.564-567
• /
• 2021

스미싱은 SMS 문자를 통해 피해자를 현혹시켜 개인정보나 금전 등을 갈취하는 범죄이다. 발전하는 스미싱 범죄 수법에 대응하기 위해선 새로운 스미싱 범죄 사례에서 데이터를 추출하고, 추출한 데이터를 기존 시스템에 통합하여 빠르게 대응할 수 있어야 한다. 본 연구에서는 빠른 스미싱 대응을 위해 전처리를 하지 않은 SMS 문자 텍스트에서 지식베이스를 자동으로 추출하고 저장하는 자동 지식베이스 추출 모듈을 제안하며, 추출 시스템 지식베이스를 바탕으로 입력된 SMS가 스미싱인지 판별하는 스미싱 SMS 탐지 모듈을 통합한 자동 지식베이스 추출 기반 스미싱 SMS 탐지 시스템을 제시한다. 제시된 스미싱 SMS 탐지 모델은 UCI SMS Spam Collection Dataset을 기준으로 90.9 (F1 score)의 성능을 보여주었다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.05a
• /
• pp.237-238
• /
• 2023

코로나 19 로 대면이 아닌 비대면이 일상이 되며 공공기관과 기업들이 사용자에게 보내는 메시지의 양이 증가하였다. 이에 따라 공공기관을 사칭하는 메신저피싱이 증가하였다. 본 논문에서는 OpenAPI 데이터를 활용한 메신저 위험 url 감지 시스템의 설계를 제시한다. 메신저피싱으로 인한 금전 피해 및 개인정보 탈취를 예방하기 위해 메시지의 포함된 피싱 url 과 기관, 기업의 사전 안전 인증을 통한 안전 url 을 구분한다. 이를 통해 사용자에게 안전하고 쾌적한 인터넷을 제공한다. 향후, 제안하는 시스템의 현실적인 검증과 성능 평가가 필요하다.