Checklist-based phishing detection leveraging Large Language Models

Abstract

In the third quarter of 2024, phishing attacks surged to over 930,000, with AI and machine learning technologies increasingly enabling attackers to automate and amplify these threats. Phishing emails remain a persistent threat because current detection methods often overlook user perception traits and factors, highlighting the need for a practical, user-focused guideline or checklist to improve identification and prevention. This thesis focuses on detecting phishing emails in the age of artificial intelligence (AI) and machine learning (ML). This thesis aims to contribute to existing research regarding phishing detection and mitigation. A literature review is the primary method used for this research providing an overview of common phishing email characteristics, which were then compiled to produce this thesis’s proposed CARLS checklist. The “CARLS” acronym stems from the initial characters of the perception characteristics: Commitment & consistency, Authority, Reciprocity, Liking & similarity, Social proof, and Scarcity. The checklist contains both phishing email characteristics and email perceptions of users to help detect plausible red flags in emails. The effectiveness of the checklist has been evaluated both manually and in an automated manner, with GPT4All (Nous) model trained on the CARLS checklist and tested against an imbalanced dataset achieving an accuracy of 90%. To conclude, despite the rise of AI and ML, phishing email characteristics have seen no significant changes, as shown in the characteristics within the CARLS checklist. The CARLS checklist is primarily human operated so that it can be consulted or included in various security awareness training programs. Furthermore, the CARLS checklist can also be automated by incorporating the checklist into an application which performs checks based on the checklist items or by teaching a large language model (LLM) or other AI/ML models to employ the checklist as part of a decision support system.