Jiwon Kang (Seedgen Inc.)

Aeri Lee (Research Prof., Barun ICT, Research Center)

Beomsoo Kim (Director, Barun ICT, Research Center)

“You have received a package. Please confirm your delivery at www.kq00.pw” Have you ever received strange messages via your mobile phone from an unknown number? If you receive these types of messages along with a suspicious URL link, you should proceed with caution and doubt the validity of the content. Smishing is short for “SMS phishing”. It is a security attack in which people are deceived into downloading malwares or viruses onto their mobile phone. Recently, smishing crime techniques have become more cunning and its damage has been increasing, thereby requiring effective ways to prevent and cope with smishing. Although government and public institutions recommend that smartphone users adopt antispam and anti-spyware software to block smishing, a great deal of users don’t heed this advice, increasing their
vulnerability to smishing scams. Thus, the need for smartphone users’ security awareness and training is increasing. In this sense, news media can play an important role for enhancing security awareness on smishing.

This study investigates effective methods for providing news messages to smartphone users in order to improve their perceived risk from smishing. We empirically examine the degree to which optimistic bias on risk perception can vary depending on the news frame, topic type, and involvement regarding smishing. Optimistic bias is defnied as a tendency of mistakenly judging one’s own risk as less than the risk of others. This unrealistic optimism can give rise to unawareness of the severity of smishing. In this experimental study, the subjects (mobile phone users) were provided with two types of ne ws frames (i.e., small-scale figure per day vs. large-scale figure per year about scale of damage from smishing); and two types of smishing topics (topics adhere to daily living such as order delivery vs. social issues such MERS-CoV). We examined the
effect of both the type of news frame and smishing topics on users’ risk perception. We also classified the level of involvement of smishing by users into low and high levels. Then, we identified the factors influencing optimistic bias on the perception of risk from smishing to identify effective ways to promote individual security awareness of smishing. The results of this study show that smishing topics that adhere to daily living with low level of involvement can increase optimistic bias on risk perception. Based on the findings, the implications of this research can assist in educating, campaigning and promoting information security awareness for smart device users.



Improving Security Awareness about Smishing through Experiment on the Optimistic Bias on Risk Perception | Journal of The Korea Institute of Information Security & Cryptology, Vol. 26, No.1, Apr. 2016, pp. 475-487