Devising and Detecting Phishing Emails Using Large Language Models
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering; Harvard University, John A. Paulson School of Engineering and Applied Sciences, Cambridge, MA 02138, USA. ORCID iD: 0000-0001-7884-966X
Harvard University, Harvard Kennedy School, Cambridge, MA 02138, USA.
Avant Research Group, Buffalo, NY 14214, USA.
MIT, Cambridge, MA 02139, USA.
2024 (English). In: IEEE Access, E-ISSN 2169-3536, Vol. 12, p. 42131-42146. Article in journal (Refereed), Published.
Abstract [en]

AI programs built using large language models make it possible to automatically create phishing emails from a few data points about a user. The V-Triad is a set of rules for manually designing phishing emails that exploit our cognitive heuristics and biases. In this study, we compare the performance of phishing emails created automatically by GPT-4 with emails created manually using the V-Triad. We also combine GPT-4 with the V-Triad to assess their combined potential. A fourth group, exposed to generic phishing emails, served as our control group. Using a red-teaming approach, we simulated attackers and emailed 112 participants recruited for the study. The control-group emails received a click-through rate of 19-28%, the GPT-generated emails 30-44%, the emails generated with the V-Triad 69-79%, and the emails generated with GPT and the V-Triad combined 43-81%. Each participant was asked to explain why they clicked or did not click the link in the email. These answers often contradict each other, highlighting the importance of individual differences. Next, we used four popular large language models (GPT, Claude, PaLM, and LLaMA) to detect the intention of phishing emails and compared the results to human detection. The language models demonstrated a strong ability to detect malicious intent, even in non-obvious phishing emails, and sometimes surpassed human detection, although they were often slightly less accurate than humans. Finally, we analyze the economic aspects of AI-enabled phishing attacks, showing how large language models increase the incentives for phishing and spear phishing by reducing their costs.
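The detection experiment summarized above (querying a large language model for the intent of an email) can be pictured with a short script. The sketch below is a minimal, hypothetical illustration, not the study's published code: it assumes the OpenAI Python client and a GPT-4 chat model, and the prompt wording, one-word output format, and sample email are assumptions made for illustration rather than the paper's actual setup.

# Illustrative sketch only: LLM-based phishing-intent detection in the spirit of
# the paper's experiment. Model, prompt, and response parsing are assumptions.
from openai import OpenAI

client = OpenAI()  # reads OPENAI_API_KEY from the environment

def classify_email(email_text: str) -> str:
    """Ask the model whether the email looks like phishing; return 'phishing' or 'legitimate'."""
    response = client.chat.completions.create(
        model="gpt-4",
        messages=[
            {
                "role": "system",
                "content": (
                    "You are a security analyst. Answer with exactly one word: "
                    "'phishing' if the email is likely a phishing attempt, otherwise 'legitimate'."
                ),
            },
            {"role": "user", "content": email_text},
        ],
        temperature=0,  # deterministic output for a classification task
    )
    answer = response.choices[0].message.content.strip().lower()
    return "phishing" if "phishing" in answer else "legitimate"

if __name__ == "__main__":
    sample = (
        "Subject: Urgent: verify your university account\n"
        "Your mailbox will be suspended in 24 hours. "
        "Click here to keep access: http://example.com/login"
    )
    print(classify_email(sample))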

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2024. Vol. 12, p. 42131-42146
Keywords [en]
Phishing, large language models, social engineering, artificial intelligence
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:kth:diva-345143
DOI: 10.1109/ACCESS.2024.3375882
ISI: 001192203500001
Scopus ID: 2-s2.0-85187996490
OAI: oai:DiVA.org:kth-345143
DiVA, id: diva2:1849622
Note

QC 20240408

Available from: 2024-04-08. Created: 2024-04-08. Last updated: 2024-04-08. Bibliographically approved.

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full text
Scopus

Authority records

Heiding, Fredrik
