Proof of concept Android application to inspect the currently stored SMS messages for possible SMS phishing (smishing) messages.
For more, read our accompanying blog.
- Gets all the messages currently in the SMS inbox.
- Look for keywords in the message body that are uniquely attributed to an organisational target. e.g. "Revenue and Customs" for HMRC.
- Check if the number is in the phone contacts.
- Look for URLs in the message body.
- Inspect the URL for keywords associated to an organisation (e.g. "tax", "rebate" for HMRC).
- If we have associated the message to a possible organisation, compare the URL to what we'd expect from the organisation. For example, HMRC messages should come from
gov.ukdomains.