Abstract
Email phishing is one of the most prevalent and globally consequential vectors of cyber intrusion. As systems increasingly deploy Large Language Models (LLMs), these systems face evolving phishing email threats that exploit their fundamental architectures. Current LLMs require substantial hardening before deployment in email security systems, particularly against coordinated multi-vector attacks that exploit architectural vulnerabilities.
This paper proposes LLMPEA, an LLM-based framework to detect phishing email attacks across multiple attack vectors, including prompt injection, text refinement, and multilingual attacks. We evaluate three frontier LLMs (e.g., GPT-4o, Claude Sonnet 4, and Grok-3) and comprehensive prompting design to assess their feasibility, robustness, and limitations against phishing email attacks.
Our empirical analysis reveals that LLMs can detect phishing emails with over 90% accuracy while also highlighting that LLM-based phishing email detection systems could be exploited by adversarial attacks, prompt injection, and multilingual attacks. Our findings provide critical insights for LLM-based phishing detection in real-world settings where attackers exploit multiple vulnerabilities in combination.
Blogger's Review: This paper brings significant breakthroughs to the field of cybersecurity, presenting the LLMPEA framework that not only showcases the potential of LLMs in phishing email detection but also reveals the security challenges they face. As cyberattack methods continue to evolve, ongoing fortification and optimization of LLM security will be a key focus for future research.