ITU-T SERIES X SUPP 29-2017 ITU-T X 1242 C Guidelines on countermeasures against short message service phishing and smishing attacks (Study Group 17).pdf

1、 I n t e r n a t i o n a l T e l e c o m m u n i c a t i o n U n i o n ITU-T Series X TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU Supplement 29 (09/2017) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY ITU-T X.1242 Guidelines on countermeasures against short message service phis

2、hing and smishing attacks ITU-T X-series Recommendations Supplement 29 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS X.1X.199 OPEN SYSTEMS INTERCONNECTION X.200X.299 INTERWORKING BETWEEN NETWORKS X.300X.399 MESSAGE HANDLING SYSTEMS X.400X.

3、499 DIRECTORY X.500X.599 OSI NETWORKING AND SYSTEM ASPECTS X.600X.699 OSI MANAGEMENT X.700X.799 SECURITY X.800X.849 OSI APPLICATIONS X.850X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 INFORMATION AND NETWORK SECURITY General security aspects X.1000X.1029 Network security X.1030X.1049 Security managem

4、ent X.1050X.1069 Telebiometrics X.1080X.1099 SECURE APPLICATIONS AND SERVICES (1) Multicast security X.1100X.1109 Home network security X.1110X.1119 Mobile security X.1120X.1139 Web security X.1140X.1149 Security protocols (1) X.1150X.1159 Peer-to-peer security X.1160X.1169 Networked ID security X.1

5、170X.1179 IPTV security X.1180X.1199 CYBERSPACE SECURITY Cybersecurity X.1200X.1229 Countering spam X.1230X.1249 Identity management X.1250X.1279 SECURE APPLICATIONS AND SERVICES (2) Emergency communications X.1300X.1309 Ubiquitous sensor network security X.1310X.1319 Smart grid security X.1330X.133

6、9 Certified mail X.1340X.1349 Internet of things (IoT) security X.1360X.1369 Intelligent transportation system (ITS) security X.1370X.1389 Distributed legder technology security X.1400X.1429 Security protocols (2) X.1450X.1459 CYBERSECURITY INFORMATION EXCHANGE Overview of cybersecurity X.1500X.1519

7、 Vulnerability/state exchange X.1520X.1539 Event/incident/heuristics exchange X.1540X.1549 Exchange of policies X.1550X.1559 Heuristics and information request X.1560X.1569 Identification and discovery X.1570X.1579 Assured exchange X.1580X.1589 CLOUD COMPUTING SECURITY Overview of cloud computing se

8、curity X.1600X.1601 Cloud computing security design X.1602X.1639 Cloud computing security best practices and guidelines X.1640X.1659 Cloud computing security implementation X.1660X.1679 Other cloud computing security X.1680X.1699 For further details, please refer to the list of ITU-T Recommendations

9、. X series Supplement 29 (09/2017) i Supplement 29 to ITU-T X-series Recommendations ITU-T X.1242 Guidelines on countermeasures against short message service phishing and smishing attacks Summary Supplement 29 to Recommendation ITU-T X.1242 provides universal guidelines on short message service (SMS

10、) phishing which is a fraudulent technique through mobile phones by causing phishing frauds with smartphones, acquiring personal information on the smartphones, or by enabling small amounts of money to be approved and paid while the account holder is not aware of the approval. The purpose of this Su

11、pplement is to universalize the guideline for countermeasures against SMS phishing incident by defining a security guideline about security technology against SMS phishing incident and method, and specification of report contents. History Edition Recommendation Approval Study Group Unique ID* 1.0 IT

12、U-T X Suppl. 29 2017-09-06 17 11.1002/1000/13409 Keywords Measures, phishing, smishing, short message service. * To access the Recommendation, type the URL http:/handle.itu.int/ in the address field of your web browser, followed by the Recommendations unique ID. For example, http:/handle.itu.int/11.

13、1002/1000/11830-en. ii X series Supplement 29 (09/2017) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is

14、 a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years,

15、establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessar

16、y standards are prepared on a collaborative basis with ISO and IEC. NOTE In this publication, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this publication is voluntary. However, the pub

17、lication may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the publication is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are u

18、sed to express requirements. The use of such words does not suggest that compliance with the publication is required of any party. INTELLECTUAL PROPERTY RIGHTSITU draws attention to the possibility that the practice or implementation of this publication may involve the use of a claimed Intellectual

19、Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the publication development process. As of the date of approval of this publication, ITU had not received notice of i

20、ntellectual property, protected by patents, which may be required to implement this publication. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2017 All ri

21、ghts reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. X series Supplement 29 (09/2017) iii Table of Contents Page 1 Scope . 1 2 References . 1 3 Definitions 1 3.1 Terms defined elsewhere 1 3.2 Terms defined in this Supplem

22、ent 1 4 Abbreviations and acronyms 2 5 Conventions 2 6 Overview . 2 7 Countermeasures against SMS phishing attacks 3 7.1 Typical SMS phishing attack scenario . 3 7.2 Recommendations for end users . 3 7.3 Recommendations for service providers 3 8 Countermeasures against SMS smishing attacks 3 8.1 Smi

23、shing attack scenario 3 8.2 Recommendations for end users . 4 8.3 Recommendations for service providers 5 Bibliography. 6 X series Supplement 29 (09/2017) 1 Supplement 29 to ITU-T X-series Recommendations ITU-T X.1242 Guidelines on countermeasures against short message service phishing and smishing

24、attacks 1 Scope This Supplement provides guidelines on countermeasures against short message service (SMS) based phishing and smishing attacks from the perspective of the user side and the network operator side. 2 References ITU-T X.1242 Recommendation ITU-T X.1242 (2009), Short message service (SMS

25、) spam filtering system based on user-specified rules. 3 Definitions 3.1 Terms defined elsewhere This Supplement uses the following terms defined elsewhere: 3.1.1 malware b-ISO/IEC 27033-1: Malicious software designed specifically to damage or disrupt a system, attacking confidentiality, integrity a

26、nd/or availability. NOTE Viruses and Trojan horses are examples of malware. 3.1.2 short message (SM) b-ETSI TS 102 507: Information that is conveyed from a sending user to a receiving user via an SM-SC. 3.1.3 short message service centre (SM-SC) b-ETSI TS 102 507: Function unit, which is responsible

27、 for the relaying and store-and-forwarding of a short message (SM) between two SM-TEs. NOTE The SM-SC can functionally be separated from or integrated in the network. 3.1.4 spam ITU-T X.1242: The electronic information delivered from senders to recipients by terminals such as computers, mobile phone

28、s, telephones, etc., which is usually unsolicited, unwanted, and harmful for recipients. 3.1.5 short message service (SMS) ITU-T X.1242: The services in telecommunication networks, which provide mobile phones, telephones and other SMEs to transfer and receive text messages through SMSCs that store m

29、essages if the receiving terminal cannot be contacted. 3.1.6 SMS spam ITU-T X.1242: Spam sent via SMS. 3.2 Terms defined in this Supplement This Supplement defines the following terms: 3.2.1 phishing: An attack to acquire sensitive information such as usernames, passwords, and credit card details fo

30、r malicious reasons, by masquerading as a trustworthy entity in an electronic communication. 3.2.2 smishing: An attack in which the user is tricked into downloading a Trojan horse, virus or other malware onto his cellular phone or other mobile device. 3.2.3 uniform resource locator (URL): A referenc

31、e to a web resource that specifies its location on a computer network and a mechanism for retrieving it. 3.2.4 caller ID spoofing: The process of changing the caller ID to any number other than the calling number. 2 X series Supplement 29 (09/2017) 3.2.5 caller identification: A telephone service th

32、at transmits a callers telephone number to the called partys telephone equipment when the call is being set up. 4 Abbreviations and acronyms This Supplement uses the following abbreviations and acronyms: FMD Filtered Messages Database SCM Service Control Module SM Short Message SMS Short Message Ser

33、vice SM-SC Short Message Service Centre SM-TE Short Message Technical Equipment SSFM SMS Spam Filtering Module URD User-specified Rules Database URL Uniform Resource Locator USMM User Service Management Module 5 Conventions None. 6 Overview Short message service (SMS) phishing is the attempt to acqu

34、ire sensitive information such as usernames, passwords and credit card details (and sometimes, indirectly, money) for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. SMS smishing is an attack that tricks the user into downloading a Trojan horse or other mal

35、icious software through SMS. It can also be used to infect users phones and related networks with destructive viruses or eavesdropping software and uses SMS technology to phish for a users sensitive personally identifiable information, such as social security numbers or user names and passwords for

36、online banking. The framework for countering phishing and smishing in this Supplement is based on the SMS spam filtering system, which includes the following logical modules: service control module (SCM), SMS spam filtering module (SSFM), user service management module (USMM), user-specified rules d

37、atabase (URD) and filtered messages database (FMD). The structure of the SMS spam filtering system is given in Figure 1 of ITU-T X.1242. Most spammers and smishing attackers send texts via an Internet text relay service in order to hide their identity. Many cellar service providers can provide a fea

38、ture to end-users that will block texts that come in from the Internet. This is another easy way to filter out spam and smishing SMS. This Supplement provides a guideline on countermeasures against both SMS-based phishing and smishing attacks. X series Supplement 29 (09/2017) 3 7 Countermeasures aga

39、inst SMS phishing attacks 7.1 Typical SMS phishing attack scenario The objective of SMS phishing is for spammers to acquire sensitive information such as usernames, passwords and credit card details for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. SMS ph

40、ishing exploits mobile phone text messages to deliver the bait to trick users into divulging their personal information. This clause describes a typical attack scenario for an SMS phishing attack as follows: An attacker sends a text message to end userss mobile device. This message asks end users to

41、 provide sensitive personal or financial information via a web link and false website, or via a telephone number. An attacker uses the users information for further fraudulent activities by masquerading as a trustworthy entity. 7.2 Recommendations for end users This clause describes recommendations

42、for end users to prevent them from falling victim to a phishing attack. End users should not respond to text messages that request private or financial information. If users receive a message that appears to be from an organization, financial institution or other entity that users do business with,

43、the end users should contact that organization or entity directly to determine if the message they receive is a legitimate request, and ascertain that entitys policy on sending text messages to users with regard to requests for private or financial information. End users should stop and think about

44、it, if a text message is urging them to act or respond quickly. End users should not reply to a suspicious text message without doing their research and verifying the source. End users should not call a phone number from an unknown sender. End users should keep its web browser up to date. End users

45、should use antivirus software. 7.3 Recommendations for service providers This clause describes recommendations for cell service providers to prevent phishing attacks. Cell service providers should provide “calling identification display“ feature to end-users. Cell service providers should provide “c

46、aller ID spoofing prevention“ feature of end-users. Cell service providers should provide measures to block SPAM messages from Internet. 8 Countermeasures against SMS smishing attacks 8.1 Smishing attack scenario This clause describes a typical attack scenario for smishing attacks as shown in Figure

47、 1. 1. A malicious application is uploaded to the distribution site. 2. An attacker sends a text message to end users. 3. An end user clicks on the uniform resource locator (URL) that downloads a malicious application. 4 X series Supplement 29 (09/2017) 4. The malicious application is downloaded to

48、the end-users phone. 5. The malicious application is installed in the mobile phone. 6. The malicious application sends sensitive financial information to the relay server without the users knowledge. 7. The relay server forwards the information to the attacker. Figure 1 Typical smishing attack scena

49、rio 8.2 Recommendations for end users This clause provides recommendations for end users to prevent them from falling victims to smishing attacks. End users should use the “block texts from the internet WEB-SMS“ feature, if available from their cellular service provider. End users should not respond to text messages that request them to disclose credentials or financial information. End users should not click on URLs within text messages, especial