Smishing is a form of phishing carried out via mobile devices to steal confidential information from victims. The number of smishing attacks has increased in recent years due to the large number of users acquiring these easy-to-use and functional devices. This literature review objective is to examine the techniques and methods used in smishing attacks using classification algorithms. To do so, we conducted a manual search process and selected 155 articles from Scopus and 29 articles from access to research for development and innovation (ARDI). Of these, 36 articles met the inclusion criteria. In addition, the algorithms most commonly used by the studies were random forest classification techniques, decision trees, and neural networks. These studies analyzed various machine learning models for detecting phishing and smishing messages. The attack simulation scenarios included generating web pages, sending fake links (URLs), and installing malicious applications. The analysis evaluated web pages and SMS messages using a database containing legitimate as well as smishing messages. Based on the results, it is suggested to combine these methods to improve detection performance, making it more robust and promising.

Artificial intelligence; Machine learning; Mobile phishing; Mobile security; Smishing