CICC, De La Salle College of Saint Benilde team up to develop anti-smishing tool


The Cybercrime Investigation and Coordinating Center (CICC) has partnered with De La Salle College of Saint Benilde to develop a new tool aimed at detecting and combating smishing.

smishing.png
(Photo credit to CICC)

In a statement issued on Oct. 11, the CICC stated that the P15-million research project, titled "Behavioral Biometrics and Content Analysis: A Multi-Pronged Machine Learning Approach to Thwarting SMS Phishing (Smishing)," is funded by the Department of Science and Technology (DOST).

Major concern

CICC Executive Director Alexander K. Ramos commended the initiative, stating that it will contribute significantly to the fight against smishing in the country.

“Smishing continues to be a major concern in the Philippines,” he said. “We need new capstone projects like this with DLSU to help CICC in the prevention and suppression of cybercrime,” he added.

Ramos emphasized that other law enforcement agencies and cybersecurity professionals will also gain valuable insights from the research project.

The CICC explained that smishing is a “form of cybercrime in which attackers send deceptive messages to trick victims into revealing sensitive information, downloading malware, or visiting malicious websites.”

Some of the most common types of smishing include bank fraud alerts, missed delivery notifications, account verification requests, tech company support messages, and notifications about winning a lottery or other contests.

Meanwhile, Ramos reiterated his appeal to the public to remain cautious when receiving text messages from unknown individuals and to report smishing cases to the Inter-Agency Response Center Hotline at 1326 to help prevent cybercrime.

The project

Based on the project description, the goal is to develop machine learning (ML) algorithms capable of analyzing patterns, including typing dynamics and touchscreen interactions, to identify anomalies that could signify a smishing attempt.

As outlined in the description, the ML continuously learns and updates user profiles based on analyzed behavior patterns, enabling the models to adapt to the evolving tactics and strategies used in smishing activities.

ML models can be “trained on labeled datasets of phishing and legitimate messages to learn patterns and features that distinguish between the two,” as stated in the proposal.

This project is also expected to integrate natural language processing (NLP), a branch of artificial intelligence (AI) that analyzes the content of SMS messages to identify phishing attempts that may lead to fraudulent activities and identity theft.