Phishing Email Detection Using Large Language Models

TL;DR

This paper introduces LLMPEA, a framework using large language models to detect various types of phishing emails, demonstrating over 90% accuracy but also highlighting potential vulnerabilities to adversarial attacks.

Contribution

The paper presents LLMPEA, a novel LLM-based framework for multi-vector phishing email detection, evaluating its effectiveness and limitations across multiple frontier LLMs.

Findings

LLMs can detect phishing emails with over 90% accuracy.

LLMs are vulnerable to adversarial, prompt injection, and multilingual attacks.

Insights into deploying LLMs securely in email security systems.

Abstract

Email phishing is one of the most prevalent and globally consequential vectors of cyber intrusion. As systems increasingly deploy Large Language Models (LLMs) applications, these systems face evolving phishing email threats that exploit their fundamental architectures. Current LLMs require substantial hardening before deployment in email security systems, particularly against coordinated multi-vector attacks that exploit architectural vulnerabilities. This paper proposes LLMPEA, an LLM-based framework to detect phishing email attacks across multiple attack vectors, including prompt injection, text refinement, and multilingual attacks. We evaluate three frontier LLMs (e.g., GPT-4o, Claude Sonnet 4, and Grok-3) and comprehensive prompting design to assess their feasibility, robustness, and limitations against phishing email attacks. Our empirical analysis reveals that LLMs can detect the phishing email over 90% accuracy while we also highlight that LLM-based phishing email detection systems could be exploited by adversarial attack, prompt injection, and multilingual attacks. Our findings provide critical insights for LLM-based phishing detection in real-world settings where attackers exploit multiple vulnerabilities in combination.