Francesco Baccaro
Advanced Phishing Simulations using Privacy-Preserving Multi-Modal LLMs.
Supervisor: Antonio Jose' Di Scala. Politecnico di Torino, Master's degree programme in Computer Engineering (Ingegneria Informatica), 2025
| Abstract: | Phishing is a type of cyber attack in which the attacker poses as a reputable service provider in order to gain access to personal information, login information and banking details. The first attacks were carried out during the 90s, aimed at stealing social media accounts. Since then, phishing has led to high financial gains for attackers, and it is currently the main way that sophisticated systems are breached, as it does not exploit technical vulnerabilities but instead manipulates human behavior through techniques like social engineering. One of the most common approaches to defending against phishing scams is awareness and user training, through guided presentations or predictable simulation templates that use old attack techniques as a reference, to test the individual's resilience to these attacks. This is not sufficient, as attackers continually evolve their techniques, integrating generative AI tools to speed up the attack building and deployment phases. Thus, a new approach for phishing simulations and training is needed. This dissertation describes the implementation of a phishing simulation pipeline that takes into consideration the latest developments in attack techniques and generative AI, employing privacy-preserving LLMs to ensure compliance with current data regulations and protect organizational and individual data. The introductory chapter of this thesis provides an overview of past and current phishing activities, with details on how an attack is implemented and detected. The following chapter focuses on recent developments of AI technologies, with a specific emphasis on Generative AI, and how it is being used by malicious actors to reduce the cost of various attack phases and to launch efficient and sophisticated phishing attacks. The main part of this thesis provides an implementation of an advanced phishing simulation pipeline, enhanced using privacy-conscious LLMs and publicly available information on tested individuals, that is based on current threat intelligence on phishing attacks, using an agentic approach to perform the required tasks. Finally, an overview of possible future developments is provided, with a specific focus on the emerging trends of deepfakes and voice phishing scams. |
|---|---|
| Supervisors: | Antonio Jose' Di Scala |
| Academic year: | 2025/26 |
| Publication type: | Electronic |
| Number of pages: | 74 |
| Additional information: | Embargoed thesis. Full text not available |
| Subjects: | |
| Degree programme: | Master's degree in Computer Engineering (Ingegneria Informatica) |
| Degree class: | New regulations > Master's degree > LM-32 - COMPUTER ENGINEERING |
| Collaborating companies: | AdFulcon SA |
| URI: | http://webthesis.biblio.polito.it/id/eprint/37607 |



Creative Commons License - Attribution 3.0 Italy