Social engineering email attacks remain a threat despite commercial solutions and user training focused on identifying phishing indicators like urgency, unusual greetings, or inconsistent email addresses.
However, training shifts the phishing detection burden onto users during routine email checking, which is open to error.
This work explores using NLP to assist users by automatically identifying weak explainable phishing indicators (WEPI) – signals that may occur in legitimate emails but are rationales used in phishing attacks.
Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers
An annotated email corpus of 940 emails labeled with 32 WEPI labels, including novel ones, is presented.
Security analysts from the “Information Sciences Institute, Los Angeles, USA” have recently provided insights into WEPI frequencies, areas for improved user training, and machine learning model performance in automating weak explainable phishing indicators (WEPI) detection to complement user vigilance:-
Detecting A Phishing Attack Using AI
Previous works have used NLP and machine learning techniques like statistical methods or neural networks to detect phishing emails based on extracted language features.
However, this work does not propose a new phishing detection algorithm. Instead, it identifies the need to modify anti-phishing training curricula for both humans and machines by defining a set of 32 weak explainable phishing indicators (WEPI) derived from analyzing anti-phishing recommendation and malicious emails.
The WEPIs capture content tied to potential phishing (urgency, unusual requests) as well as verifiable mismatches between stated identities or information and metadata or publicly available facts.
An annotated corpus of 940 emails labeled with these WEPIs across different linguistic scopes (words, sentences, messages) is presented to enable training and benchmarking automated WEPI detection models to complement human vigilance.
The process of annotation involved a combination of paid students and authors, who followed specified guidelines and then iteratively improved their work until a high inter-annotator agreement was achieved.
The performance of pre-trained language models such as BERT and RoBERTa on the 32 WEPI labels across different linguistic scopes served as the baseline.
This corpus intends to demonstrate how machines find it hard to understand natural languages, while phishing email detection proves challenging for humans too.
Rather than trying to automate everything, the aim is to facilitate combined human-machine approaches that are based on model predictions about interpretable indicators that help users be more vigilant and have lower cognitive burdens.
Researchers present an annotated dataset and trained models to identify phishing email indicators.
This study demonstrates the benefits of applying natural language understanding models to phishing email detection and supports the development of a phishing email identification curriculum.
ANYRUN malware sandbox’s 8th Birthday Special Offer: Grab 6 Months of Free Service
