SM‐Detector: A security model based on BERT to detect SMiShing messages in mobile environments

Summary The growing use of SMS by businesses to communicate with their customers has made attackers more interested in smishing attacks. Smishing is a security attack that involves sending a fake SMS message in order to steal the personal credentials of mobile users. This kind of attack has become a serious cyber‐security issue and has caused great financial losses for both people and businesses. In this article we propose a hybrid security model called “SM‐Detector” aiming to detect smishing messages in mobile environments. To increase the efficiency of “SM‐Detector,” we have combined three different detection methods: (i) identification of malicious URLs, (ii) identification of suspected words, phone numbers and emails with regular expression analysis, and (iii) classification of messages using BERT‐based algorithms to distinguish spam messages. “SM‐Detector” also includes a mobile application allowing the user to check their SMS and report smishing messages. Its strength is that it can deal with mixed text messages written in Arabic or English. The experimental evaluation conducted on English and Arabic datasets showed a remarkable accuracy of 99.63%.