Large Language Model Lateral Spear Phishing: A Comparative Study in
Large-Scale Organizational Settings
- URL: http://arxiv.org/abs/2401.09727v1
- Date: Thu, 18 Jan 2024 05:06:39 GMT
- Title: Large Language Model Lateral Spear Phishing: A Comparative Study in
Large-Scale Organizational Settings
- Authors: Mazal Bethany, Athanasios Galiopoulos, Emet Bethany, Mohammad Bahrami
Karkevandi, Nishant Vishwamitra, Peyman Najafirad
- Abstract summary: This study is a pioneering exploration into the use of Large Language Models (LLMs) for the creation of targeted lateral phishing emails.
It targets a large tier 1 university's operation and workforce of approximately 9,000 individuals over an 11-month period.
It also evaluates the capability of email filtering infrastructure to detect such LLM-generated phishing attempts.
- Score: 3.251318035773221
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The critical threat of phishing emails has been further exacerbated by the
potential of LLMs to generate highly targeted, personalized, and automated
spear phishing attacks. Two critical problems concerning LLM-facilitated
phishing require further investigation: 1) Existing studies on lateral phishing
lack specific examination of LLM integration for large-scale attacks targeting
the entire organization, and 2) Current anti-phishing infrastructure, despite
its extensive development, lacks the capability to prevent LLM-generated
attacks, potentially impacting both employees and IT security incident
management. However, the execution of such investigative studies necessitates a
real-world environment, one that functions during regular business operations
and mirrors the complexity of a large organizational infrastructure. This
setting must also offer the flexibility required to facilitate a diverse array
of experimental conditions, particularly the incorporation of phishing emails
crafted by LLMs. This study is a pioneering exploration into the use of Large
Language Models (LLMs) for the creation of targeted lateral phishing emails,
targeting a large tier 1 university's operation and workforce of approximately
9,000 individuals over an 11-month period. It also evaluates the capability of
email filtering infrastructure to detect such LLM-generated phishing attempts,
providing insights into their effectiveness and identifying potential areas for
improvement. Based on our findings, we propose machine learning-based detection
techniques for such emails to detect LLM-generated phishing emails that were
missed by the existing infrastructure, with an F1-score of 98.96.
Related papers
- Attention Tracker: Detecting Prompt Injection Attacks in LLMs [62.247841717696765]
Large Language Models (LLMs) have revolutionized various domains but remain vulnerable to prompt injection attacks.
We introduce the concept of the distraction effect, where specific attention heads shift focus from the original instruction to the injected instruction.
We propose Attention Tracker, a training-free detection method that tracks attention patterns on instruction to detect prompt injection attacks.
arXiv Detail & Related papers (2024-11-01T04:05:59Z) - Can LLMs be Fooled? Investigating Vulnerabilities in LLMs [4.927763944523323]
The advent of Large Language Models (LLMs) has garnered significant popularity and wielded immense power across various domains within Natural Language Processing (NLP)
This paper will synthesize the findings from each vulnerability section and propose new directions of research and development.
By understanding the focal points of current vulnerabilities, we can better anticipate and mitigate future risks.
arXiv Detail & Related papers (2024-07-30T04:08:00Z) - Exploring Automatic Cryptographic API Misuse Detection in the Era of LLMs [60.32717556756674]
This paper introduces a systematic evaluation framework to assess Large Language Models in detecting cryptographic misuses.
Our in-depth analysis of 11,940 LLM-generated reports highlights that the inherent instabilities in LLMs can lead to over half of the reports being false positives.
The optimized approach achieves a remarkable detection rate of nearly 90%, surpassing traditional methods and uncovering previously unknown misuses in established benchmarks.
arXiv Detail & Related papers (2024-07-23T15:31:26Z) - Are you still on track!? Catching LLM Task Drift with Activations [55.75645403965326]
Task drift allows attackers to exfiltrate data or influence the LLM's output for other users.
We show that a simple linear classifier can detect drift with near-perfect ROC AUC on an out-of-distribution test set.
We observe that this approach generalizes surprisingly well to unseen task domains, such as prompt injections, jailbreaks, and malicious instructions.
arXiv Detail & Related papers (2024-06-02T16:53:21Z) - Novel Interpretable and Robust Web-based AI Platform for Phishing Email Detection [0.0]
Phishing emails pose a significant threat, causing financial losses and security breaches.
This study proposes a high-performance machine learning model for email classification.
The model achieves a f1 score of 0.99 and is designed for deployment within relevant applications.
arXiv Detail & Related papers (2024-05-19T17:18:27Z) - TuBA: Cross-Lingual Transferability of Backdoor Attacks in LLMs with Instruction Tuning [63.481446315733145]
Cross-lingual backdoor attacks against multilingual large language models (LLMs) are under-explored.
Our research focuses on how poisoning the instruction-tuning data for one or two languages can affect the outputs for languages whose instruction-tuning data were not poisoned.
Our method exhibits remarkable efficacy in models like mT5 and GPT-4o, with high attack success rates, surpassing 90% in more than 7 out of 12 languages.
arXiv Detail & Related papers (2024-04-30T14:43:57Z) - Prompt Leakage effect and defense strategies for multi-turn LLM interactions [95.33778028192593]
Leakage of system prompts may compromise intellectual property and act as adversarial reconnaissance for an attacker.
We design a unique threat model which leverages the LLM sycophancy effect and elevates the average attack success rate (ASR) from 17.7% to 86.2% in a multi-turn setting.
We measure the mitigation effect of 7 black-box defense strategies, along with finetuning an open-source model to defend against leakage attempts.
arXiv Detail & Related papers (2024-04-24T23:39:58Z) - Unveiling the Misuse Potential of Base Large Language Models via In-Context Learning [61.2224355547598]
Open-sourcing of large language models (LLMs) accelerates application development, innovation, and scientific progress.
Our investigation exposes a critical oversight in this belief.
By deploying carefully designed demonstrations, our research demonstrates that base LLMs could effectively interpret and execute malicious instructions.
arXiv Detail & Related papers (2024-04-16T13:22:54Z) - Detecting Phishing Sites Using ChatGPT [2.3999111269325266]
We propose a novel system called ChatPhishDetector that utilizes Large Language Models (LLMs) to detect phishing sites.
Our system involves leveraging a web crawler to gather information from websites, generating prompts for LLMs based on the crawled data, and then retrieving the detection results from the responses generated by the LLMs.
The experimental results using GPT-4V demonstrated outstanding performance, with a precision of 98.7% and a recall of 99.6%, outperforming the detection results of other LLMs and existing systems.
arXiv Detail & Related papers (2023-06-09T11:30:08Z) - Spear Phishing With Large Language Models [3.2634122554914002]
This study explores how large language models (LLMs) can be used for spear phishing.
I create unique spear phishing messages for over 600 British Members of Parliament using OpenAI's GPT-3.5 and GPT-4 models.
My findings provide some evidence that these messages are not only realistic but also cost-effective, with each email costing only a fraction of a cent to generate.
arXiv Detail & Related papers (2023-05-11T16:55:19Z) - Targeted Phishing Campaigns using Large Scale Language Models [0.0]
Phishing emails are fraudulent messages that aim to trick individuals into revealing sensitive information or taking actions that benefit the attackers.
We propose a framework for evaluating the performance of NLMs in generating these types of emails based on various criteria, including the quality of the generated text.
Our evaluations show that NLMs are capable of generating phishing emails that are difficult to detect and that have a high success rate in tricking individuals, but their effectiveness varies based on the specific NLM and training data used.
arXiv Detail & Related papers (2022-12-30T03:18:05Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.