1. A method for detecting phishing attacks in Short Message Service (SMS)
communications, the method comprising:
5 determining, by a phishing detection system, a sender reputation score of a
sender of an SMS message and Call To Action (CTA) data embedded in the SMS
message;
retrieving, by the phishing detection system, via a communication network, a
pre-determined message pattern data, pre-determined sender reputation data, and pre10 determined CTA data from a database associated with the phishing detection system;
classifying, by the phishing detection system, each of a message pattern, the
sender, and the CTA data as one of good, bad and unknown based on a comparison
with the pre-determined message pattern data, the pre-determined sender reputation
data, and the pre-determined CTA data;
15 detecting, by the phishing detection system, that the SMS message is a phishing
message based on the classifications of the message pattern, the sender, and the CTA
data;
transmitting, by the phishing detection system, via a cellular communication
network, an alert notification to a telecommunication server, upon detecting SMS
20 message the phishing message; and
automatically blocking, by the phishing detection system, the phishing message
from being delivered to a recipient.
2. The method as claimed in claim 1, wherein the classifying further comprising:
25 comparing, by the phishing detection system, the SMS message with the predetermined message pattern data, wherein the pre-determined message pattern data
comprises a set of whitelisted message patterns and a set of blacklisted message
patterns; and
classifying, by the phishing detection system, the message pattern as one of:
30 good, when the SMS message matches with a pre-determined whitelisted
message pattern;
bad, when the SMS message matches with a pre-determined blacklisted
message pattern; and
29
unknown, when the SMS message does not match with any of the predetermined message pattern data.
3. The method as claimed in claim 1, wherein determining the sender reputation score,
5 by the phishing detection system, further comprising, evaluating the sender
reputation score of the sender:
based on one or more parameters including a sender header of the sender, an
entity name of an entity associated with the sender, a telecom operator associated with
the sender, a registration date of the sender header, average volume of SMS messages
10 sent from the sender header in a month, a number of complaints associated with the
sender header, an industry category of the entity, a type of the SMS message, a
template identifier of a predetermined message pattern that matches with the SMS
message, a number of variables in the matched predetermined message pattern, and a
percentage of a static message content in the SMS message, in an Application to
15 Person (A2P) transmission of SMS message; and
based on one or more parameters including a longevity of a sender phone
number of the sender, a number of SMS messages sent from the sender phone number,
a number of SMS messages received on the sender phone number, a number of A2P
SMS messages received on the sender phone number, a length of the SMS message,
20 a type of the SMS message, and a telecom operator associated with the sender phone
number in a Person to Person (P2P) transmission of SMS message.
4. The method as claimed in claim 1, wherein the classifying further comprising:
comparing, by the phishing detection system, the sender reputation score with
the pre-determined sender reputation data, wherein the pre-determined sender
25 reputation data comprises a first score range, a second score range and a third score
range; and
classifying, by the phishing detection system, the sender as one of:
good, when the sender reputation score falls within a first score range;
bad, when the sender reputation score falls within a second score range;
30 and
unknown, when the sender reputation score falls within a third score
range.
30
5. The method as claimed in claim 1, wherein the classifying further comprising:
comparing, by the phishing detection system, each of the one or more CTAs
with the pre-determined CTA data, wherein the pre-determined CTA data comprises
a set of pre-determined whitelisted CTAs and a set of pre-determined blacklisted
5 CTAs;
classifying, by the phishing detection system, each of the one or more CTAs as
one of good if the CTA matches with a pre-determined whitelisted CTA, bad if the
CTA matches with a pre-determined blacklisted CTA, and unknown if the CTA does
not match with any of the pre-determined CTAs.
10
6. The method as claimed in claim 5, wherein classifying each of the one or more CTAs
further comprising:
determining that the one or more CTAs comprise a Uniform Resource Locator
(URL); and
15 classifying the one or more CTAs as one of good and bad, based on a set of
predefined conditions, wherein the set of predefined conditions comprise:
identifying whether a name of at least one brand entity is present on a
website associated with the URL;
detecting whether at least one logo associated with the at least one brand
20 on the website; and
determining whether a URL domain of the URL is different from a URL
domain associated the at least one brand entity.
7. The method as claimed in claim 1, wherein detecting the message is the phishing
25 message, further comprising:
detecting, by the phishing detection system, the SMS message as a phishing
message when one of:
the classification of at least two of the message pattern, the sender and the
CTA data is bad; and
30 the classification of the sender and the message pattern is one of bad and
unknown, and the classification of the CTA data is bad.
8. The method as claimed in claim 1, further comprising:
detecting, by the phishing detection system, that the message is a genuine
31
message when:
the SMS message is not a phishing message, and
the classification of at least two of the message pattern, the sender and
the CTA data is one of good and unknown;
5 transmitting, by the phishing detection system, via the cellular communication
network, the alert notification to the telecommunication server upon detecting that
the SMS message is the genuine message; and
automatically allowing, by the phishing detection system, the genuine message
to be delivered to the recipient.
10
9. The method as claimed in claim 1, further comprising investigating, by the phishing
detection system, the SMS message upon determining one of:
the classification of at least two of the message pattern, the sender and the CTA
data is unknown; and
15 the classification of the message pattern and the CTA data is one of good and
unknown and the classification of the sender is good; and
wherein the investigating comprises:
calculating a total number of times the SMS message is received at a cellular
gateway;
20 dynamically updating the classification of one or more of the message
pattern, the sender and the CTA data based on one or more predefined conditions
related to the total number of times; and
dynamically updating a classification of the SMS message as one of phishing
and genuine based on the dynamically updated classification.
25
10. The method as claimed in claim 9, wherein the one or more predefined conditions for
dynamically updating the classification of the sender comprise:
determining, by the phishing detection system, that the SMS message total
number of times is same as a first predefined number of times over a first predefined
30 period of time; and
dynamically updating, by the phishing detection system, the classification of the
sender based on the classification of the message pattern and the CTA data;
32
wherein the one or more predefined conditions for dynamically updating the
classification of the message pattern comprise:
determining, by the phishing detection system, that the SMS message
total number of times is same as a second predefined number of times over a
5 second predefined period of time; and
dynamically updating, by the phishing detection system, the classification
of the message pattern based on the classification of the sender and the CTA
data;
wherein the one or more predefined conditions for dynamically updating the
10 classification of the CTA data comprise:
determining, by the phishing detection system, that the SMS message total
number of times is same as a third predefined number of times over a third predefined
period of time; and
dynamically updating, by the phishing detection system, the classification of the
15 CTA data of the SMS message based on the classification of the sender and the
message pattern