SecTor 2025 | Rethinking Phishing Detection in the Age of AI and Disinformation

Phishing is no longer just a technical problem; it is a cognitive one. Classifiers that rely on dynamic features such as sentiment, urgency, or message length are highly vulnerable to concept drift. Attackers adapt quickly, and with the help of large language models, they can now craft highly convincing phishing messages that evade traditional detection systems. Many of the signals we once relied on are no longer dependable because they also appear in legitimate communication. In response, there is a growing shift toward static features, especially URL-based analysis. Elements like domain entropy or subdomain structure are harder for attackers to modify without breaking the link and tend to remain stable over time. However, static models often lack transparency. Why was the link flagged? What pattern triggered the detection? Without clear explanations, users are left in the dark and trust in the system erodes. This Briefing explores how to move beyond surface-level detection. Drawing on recent research in adversarial machine learning, social engineering modeling, and cognitive psychology, we will present a classifier design that integrates manipulation scoring, concept drift monitoring, and explainability from the ground up. Attendees will gain insight into how phishing tactics evolve and how to design defenses that adapt to them while staying aligned with human behavior. By: Michel Hebert | Industry Research, Practice Lead, Info-Tech Research Group https://ift.tt/eDCdFOz

source https://www.youtube.com/watch?v=nAbyzHJivfo