Phishing and Social Engineering in the Age of LLMs
Sean Gallagher, Ben Gelman, Salma Taoufiq, Tamás Vörös, Younghoo Lee, Adarsh Kyadige, Sean Paul Bergeron
Abstract
Abstract The human factor remains a major vulnerability in cybersecurity. This chapter explores the escalating threats that Large Language Models (LLMs) pose in the field of cybercrime, particularly in phishing and social engineering. Due to their ability to generate highly convincing and individualized content, LLMs enhance the effectiveness and scale of phishing attacks, making them increasingly difficult to detect. The integration of multimodal generative models allows malicious actors to leverage AI-generated text, images, and audio, increasing attack avenues and making attacks more convincing. Two case studies provide a comprehensive look, examining how AI technology orchestrates a phishing attack posing as a typical e-commerce transaction and how an LLM was used in a romance-themed cryptocurrency scam. Both scenarios underline the need for increased awareness and improved defenses against these novel and sophisticated cyber threats.