Litcius/Paper detail

Phishing and Social Engineering in the Age of LLMs

Sean Gallagher, Ben Gelman, Salma Taoufiq, Tamás Vörös, Younghoo Lee, Adarsh Kyadige, Sean Paul Bergeron

202419 citationsDOIOpen Access PDF

Abstract

Abstract The human factor remains a major vulnerability in cybersecurity. This chapter explores the escalating threats that Large Language Models (LLMs) pose in the field of cybercrime, particularly in phishing and social engineering. Due to their ability to generate highly convincing and individualized content, LLMs enhance the effectiveness and scale of phishing attacks, making them increasingly difficult to detect. The integration of multimodal generative models allows malicious actors to leverage AI-generated text, images, and audio, increasing attack avenues and making attacks more convincing. Two case studies provide a comprehensive look, examining how AI technology orchestrates a phishing attack posing as a typical e-commerce transaction and how an LLM was used in a romance-themed cryptocurrency scam. Both scenarios underline the need for increased awareness and improved defenses against these novel and sophisticated cyber threats.

Topics & Concepts

PhishingSocial engineering (security)Computer securityInternet privacyComputer scienceWorld Wide WebThe InternetSpam and Phishing DetectionAdvanced Malware Detection TechniquesCybercrime and Law Enforcement Studies