This study evaluates the effectiveness of LLM-generated smishing (SMS phishing) messages compared to human-created ones using a novel methodology called TRAPD (Threshold Ranking Approach for Personalized Deception).

Key Findings:

• LLM-generated phishing messages can be highly personalized and effective against specific targets
• The study used GPT-4 to create targeted smishing messages and compared them with human-authored equivalents
• The research introduces a novel TRAPD methodology for evaluating personalized deception
• Results highlight the growing sophistication of AI-powered social engineering attacks

Why It Matters: As LLMs become more accessible, cybercriminals can leverage them to create sophisticated, personalized phishing campaigns at scale, posing significant security challenges for organizations and individuals. This research helps security professionals understand and prepare for these emerging threats.

Assessing AI vs Human-Authored Spear Phishing SMS Attacks: An Empirical Study