Preliminary Results from a U.S. Demographic Analysis of SMiSh Susceptibility

As adoption of mobile phones has skyrocketed, so have scams involving them. The text method is called SMiShing, (aka SMShing, or smishing) in which a fraudster sends a phishing link via Short Message Service (SMS) text to a phone. However, no data exists on who is most vulnerable to SMiShing. Prior work in phishing (its e-mail cousin) indicates that this is likely to vary by demographic and contextual factors. In our study, we collect this data from N=1007 U.S. adult mobile phone users. Younger people and college students emerge in this sample as the most vulnerable. Participants struggled to correctly identify legitimate messages and were easily misled when they knew they had an account with the faked message entity. Counterintuitively, participants with higher levels of security training and awareness were less correct in rating possible SMiSH. We recommend next steps for researchers, regulators and telecom providers.