{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,28]],"date-time":"2026-04-28T12:52:40Z","timestamp":1777380760657,"version":"3.51.4"},"reference-count":55,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T00:00:00Z","timestamp":1782864000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T00:00:00Z","timestamp":1782864000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,3,20]],"date-time":"2026-03-20T00:00:00Z","timestamp":1773964800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Array"],"published-print":{"date-parts":[[2026,7]]},"DOI":"10.1016\/j.array.2026.100775","type":"journal-article","created":{"date-parts":[[2026,3,21]],"date-time":"2026-03-21T07:42:43Z","timestamp":1774078963000},"page":"100775","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"C","title":["A systematic literature review of large language models in phishing attack generation and detection"],"prefix":"10.1016","volume":"30","author":[{"ORCID":"https:\/\/orcid.org\/0009-0001-9103-8578","authenticated-orcid":false,"given":"Dinushan","family":"Sivaneswaran","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7593-6661","authenticated-orcid":false,"given":"Chaminda T.E.R.","family":"Hewage","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1873-768X","authenticated-orcid":false,"given":"H.M.K.K.M.B.","family":"Herath","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4571-1888","authenticated-orcid":false,"given":"Rajkumar Singh","family":"Rathore","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5438-579X","authenticated-orcid":false,"given":"Vishal Krishna","family":"Singh","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0953-5047","authenticated-orcid":false,"given":"Weiwei","family":"Jiang","sequence":"additional","affiliation":[]}],"member":"78","reference":[{"key":"10.1016\/j.array.2026.100775_b1","doi-asserted-by":"crossref","first-page":"39221","DOI":"10.1109\/ACCESS.2024.3376682","article-title":"Evolving malware and DDoS attacks: Decadal longitudinal study","volume":"12","author":"Falowo","year":"2024","journal-title":"IEEE Access"},{"issue":"12","key":"10.1016\/j.array.2026.100775_b2","doi-asserted-by":"crossref","first-page":"nwae403","DOI":"10.1093\/nsr\/nwae403","article-title":"A survey on multimodal large language models","volume":"11","author":"Yin","year":"2024","journal-title":"Natl Sci Rev"},{"key":"10.1016\/j.array.2026.100775_b3","doi-asserted-by":"crossref","unstructured":"Nguyen QH, Wu T, Nguyen V, Yuan X, Xue J, Rudolph C. Utilizing large language models with human feedback integration for generating dedicated warning for phishing emails. In: Proceedings of the 2nd ACM workshop on secure and trustworthy deep learning systems. 2024, p. 35\u201346.","DOI":"10.1145\/3665451.3665531"},{"key":"10.1016\/j.array.2026.100775_b4","series-title":"2024 ninth international conference on mobile and secure services","first-page":"1","article-title":"Leveraging human knowledge in large language model for obfuscation-resisted phishing URL detection","author":"Fu","year":"2024"},{"issue":"3","key":"10.1016\/j.array.2026.100775_b5","doi-asserted-by":"crossref","first-page":"58","DOI":"10.1109\/MSEC.2023.3255039","article-title":"Electric sheep on the pastures of disinformation and targeted phishing campaigns: The security implications of chatgpt","volume":"21","author":"Gradon","year":"2023","journal-title":"IEEE Secur Priv"},{"key":"10.1016\/j.array.2026.100775_b6","series-title":"2024 IEEE conference on dependable and secure computing","first-page":"31","article-title":"Enhancing cybersecurity with transformers: Preventing phishing emails and social media scams","author":"Al Daoud","year":"2024"},{"key":"10.1016\/j.array.2026.100775_b7","doi-asserted-by":"crossref","DOI":"10.1109\/ACCESS.2024.3483905","article-title":"ChatPhishDetector: Detecting phishing sites using large language models","author":"Koide","year":"2024","journal-title":"IEEE Access"},{"key":"10.1016\/j.array.2026.100775_b8","series-title":"A survey of large language models, 1(2)","author":"Zhao","year":"2023"},{"key":"10.1016\/j.array.2026.100775_b9","article-title":"Benchmarking and evaluating large language models in phishing detection for small and midsize enterprises: A comprehensive analysis","author":"Zhang","year":"2025","journal-title":"IEEE Access"},{"key":"10.1016\/j.array.2026.100775_b10","doi-asserted-by":"crossref","DOI":"10.1109\/ACCESS.2025.3555500","article-title":"Lateral phishing with large language models: A large organization comparative study","author":"Bethany","year":"2025","journal-title":"IEEE Access"},{"key":"10.1016\/j.array.2026.100775_b11","series-title":"2024 IEEE symposium on security and privacy","first-page":"36","article-title":"From chatbots to phishbots?: Phishing scam generation in commercial large language models","author":"Roy","year":"2024"},{"key":"10.1016\/j.array.2026.100775_b12","article-title":"Large language models for cybersecurity: New opportunities","author":"Divakaran","year":"2024","journal-title":"IEEE Secur Priv"},{"key":"10.1016\/j.array.2026.100775_b13","doi-asserted-by":"crossref","first-page":"80218","DOI":"10.1109\/ACCESS.2023.3300381","article-title":"From chatgpt to threatgpt: Impact of generative ai in cybersecurity and privacy","volume":"11","author":"Gupta","year":"2023","journal-title":"IEEE Access"},{"key":"10.1016\/j.array.2026.100775_b14","series-title":"Nordic conference on secure IT systems","first-page":"258","article-title":"The dual-edged sword of large language models in phishing","author":"Siemerink","year":"2024"},{"key":"10.1016\/j.array.2026.100775_b15","series-title":"2023 IEEE conference on communications and network security","first-page":"1","article-title":"Exploring the dark side of ai: Advanced phishing attack design and deployment using chatgpt","author":"Begou","year":"2023"},{"key":"10.1016\/j.array.2026.100775_b16","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2024.104220","article-title":"AttacKG+: Boosting attack graph construction with large language models","volume":"150","author":"Zhang","year":"2025","journal-title":"Comput Secur"},{"key":"10.1016\/j.array.2026.100775_b17","series-title":"2015 international conference on green computing and internet of things","first-page":"1312","article-title":"A review on recent phishing attacks in internet","author":"Yadav","year":"2015"},{"key":"10.1016\/j.array.2026.100775_b18","series-title":"2016 international conference on computing, communication and automation","first-page":"537","article-title":"A literature survey on social engineering attacks: Phishing attack","author":"Gupta","year":"2016"},{"key":"10.1016\/j.array.2026.100775_b19","series-title":"2017 international conference on computer science and engineering","first-page":"337","article-title":"Detecting phishing attacks from URL by using NLP techniques","author":"Buber","year":"2017"},{"key":"10.1016\/j.array.2026.100775_b20","series-title":"2020 IEEE Asia-Pacific conference on computer science and data engineering","first-page":"1","article-title":"COVID-19 pandemic: A new era of cyber security threat and holistic approach to overcome","author":"Ahmed","year":"2020"},{"key":"10.1016\/j.array.2026.100775_b21","doi-asserted-by":"crossref","DOI":"10.3389\/fcomp.2021.563060","article-title":"Phishing attacks: A recent comprehensive study and a new anatomy","volume":"3","author":"Alkhalil","year":"2021","journal-title":"Front Comput Sci"},{"key":"10.1016\/j.array.2026.100775_b22","doi-asserted-by":"crossref","first-page":"121916","DOI":"10.1109\/ACCESS.2021.3109091","article-title":"Covid-19 and phishing: Effects of human emotions, behavior, and demographics on the success of phishing attempts during the pandemic","volume":"9","author":"Abroshan","year":"2021","journal-title":"IEEE Access"},{"key":"10.1016\/j.array.2026.100775_b23","series-title":"International conference on smart trends for information technology and computer communications","first-page":"323","article-title":"Cybersecurity risks and challenges in transition to remote work during the COVID-19 pandemic: A focus on employee behavior and organizational vulnerabilities","author":"Khode","year":"2025"},{"issue":"6","key":"10.1016\/j.array.2026.100775_b24","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3712001","article-title":"Security and privacy challenges of large language models: A survey","volume":"57","author":"Das","year":"2025","journal-title":"ACM Comput Surv"},{"key":"10.1016\/j.array.2026.100775_b25","series-title":"2024 8th international conference on i-SMAC","first-page":"663","article-title":"Analysis of how ChatGPT and gemini help in the generation of cyber attacks","author":"Nagarajan","year":"2024"},{"key":"10.1016\/j.array.2026.100775_b26","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2024.104077","article-title":"Unleashing offensive artificial intelligence: Automated attack technique code generation","volume":"147","author":"Iturbe","year":"2024","journal-title":"Comput Secur"},{"key":"10.1016\/j.array.2026.100775_b27","series-title":"Multimodal large language models for phishing webpage detection and identification","author":"Lee","year":"2024"},{"key":"10.1016\/j.array.2026.100775_b28","series-title":"2024 14th international conference on advanced computer information technologies","first-page":"481","article-title":"A dynamically selected GPT model for phishing detection","author":"Beydemir","year":"2024"},{"key":"10.1016\/j.array.2026.100775_b29","series-title":"2024 IEEE international conference on big data","first-page":"2558","article-title":"Next-generation phishing: How LLM agents empower cyber attackers","author":"Afane","year":"2024"},{"key":"10.1016\/j.array.2026.100775_b30","article-title":"Optimising AI models for intelligence extraction in the life cycle of cybersecurity threat landscape generation","volume":"90","author":"Zacharis","year":"2025","journal-title":"J Inf Secur Appl"},{"key":"10.1016\/j.array.2026.100775_b31","series-title":"2024 12th international symposium on digital forensics and security","first-page":"1","article-title":"LLM-driven SAT impact on phishing defense: A cross-sectional analysis","author":"Hafzullah","year":"2024"},{"key":"10.1016\/j.array.2026.100775_b32","doi-asserted-by":"crossref","unstructured":"Blancaflor EB, Abaleta RM, Achacoso LMD, Amper ACC, Ampiloquio PIR. Emerging Threat: The Use of AI Voice Cloning Software and Services to Deceive Victims Through Phone Conversations and its Potential Effects on the Filipino Population. In: Proceeding of the 2024 5th Asia service sciences and software engineering conference. 2024, p. 137\u201346.","DOI":"10.1145\/3702138.3702145"},{"key":"10.1016\/j.array.2026.100775_b33","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2024.104016","article-title":"A survey of large language models for cyber threat detection","volume":"145","author":"Chen","year":"2024","journal-title":"Comput Secur"},{"key":"10.1016\/j.array.2026.100775_b34","doi-asserted-by":"crossref","DOI":"10.1016\/j.asoc.2024.112663","article-title":"Large language models for cyber resilience: A comprehensive review, challenges, and future perspectives","volume":"170","author":"Ding","year":"2025","journal-title":"Appl Soft Comput"},{"key":"10.1016\/j.array.2026.100775_b35","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2024.104197","article-title":"SoK: The past decade of user deception in emails and today\u2019s email clients\u2019 susceptibility to phishing techniques","volume":"150","author":"Veit","year":"2025","journal-title":"Comput Secur"},{"key":"10.1016\/j.array.2026.100775_b36","doi-asserted-by":"crossref","DOI":"10.1109\/ACCESS.2024.3505983","article-title":"Application of large language models in cybersecurity: A systematic literature review","author":"Hasanov","year":"2024","journal-title":"IEEE Access"},{"key":"10.1016\/j.array.2026.100775_b37","article-title":"A state-of-the-art review on phishing website detection techniques","author":"Li","year":"2024","journal-title":"IEEE Access"},{"key":"10.1016\/j.array.2026.100775_b38","article-title":"The PRISMA 2020 statement: an updated guideline for reporting systematic reviews","volume":"372","author":"Page","year":"2021","journal-title":"Bmj"},{"key":"10.1016\/j.array.2026.100775_b39","series-title":"2024 IEEE 15th annual ubiquitous computing, electronics & mobile communication conference","first-page":"0226","article-title":"Enhancing phishing detection with AI: A novel dataset and comprehensive analysis using machine learning and large language models","author":"Chataut","year":"2024"},{"key":"10.1016\/j.array.2026.100775_b40","series-title":"2024 IEEE 7th international conference on multimedia information processing and retrieval","first-page":"612","article-title":"Guarding against ChatGPT threats: Identifying and addressing vulnerabilities","author":"Zhang","year":"2024"},{"key":"10.1016\/j.array.2026.100775_b41","series-title":"2024 IEEE 20th international conference on intelligent computer communication and processing","first-page":"1","article-title":"A feature engineering approach for detecting phishing emails","author":"Dumitras","year":"2024"},{"key":"10.1016\/j.array.2026.100775_b42","series-title":"2024 IEEE\/aCIS 22nd international conference on software engineering research, management and applications","first-page":"159","article-title":"Securing against deception: exploring phishing emails through ChatGPT and sentiment analysis","author":"Sayyafzadeh","year":"2024"},{"key":"10.1016\/j.array.2026.100775_b43","doi-asserted-by":"crossref","unstructured":"Ling F, Yang H, Xiao Y, Hu L. Meta GPT-Based Agent for Enhanced Phishing Email Detection. In: Proceedings of the 2024 14th international conference on communication and network security. 2024, p. 78\u201384.","DOI":"10.1145\/3711618.3711619"},{"key":"10.1016\/j.array.2026.100775_b44","series-title":"2024 IEEE 7th international conference on big data and artificial intelligence","first-page":"160","article-title":"Securenet: A comparative study of deberta and large language models for phishing detection","author":"Mahendru","year":"2024"},{"key":"10.1016\/j.array.2026.100775_b45","doi-asserted-by":"crossref","DOI":"10.1109\/ACCESS.2024.3375882","article-title":"Devising and detecting phishing emails using large language models","author":"Heiding","year":"2024","journal-title":"IEEE Access"},{"key":"10.1016\/j.array.2026.100775_b46","series-title":"2024 IEEE 14th annual computing and communication workshop and conference","first-page":"0548","article-title":"Can ai keep you safe? a study of large language models for phishing detection","author":"Chataut","year":"2024"},{"key":"10.1016\/j.array.2026.100775_b47","doi-asserted-by":"crossref","DOI":"10.1016\/j.comnet.2024.111004","article-title":"LLMs are one-shot URL classifiers and explainers","volume":"258","author":"Rashid","year":"2025","journal-title":"Comput Netw"},{"key":"10.1016\/j.array.2026.100775_b48","doi-asserted-by":"crossref","DOI":"10.1109\/ACCESS.2025.3542036","article-title":"DomainLynx: Advancing LLM techniques for robust domain squatting detection","author":"Chiba","year":"2025","journal-title":"IEEE Access"},{"key":"10.1016\/j.array.2026.100775_b49","series-title":"2024 8th cyber security in networking conference","first-page":"92","article-title":"Chat or trap? Detecting scams in messaging applications with large language models","author":"Chang","year":"2024"},{"issue":"1","key":"10.1016\/j.array.2026.100775_b50","doi-asserted-by":"crossref","first-page":"367","DOI":"10.3390\/make6010018","article-title":"Prompt engineering or fine-tuning? a case study on phishing detection with large language models","volume":"6","author":"Trad","year":"2024","journal-title":"Mach Learn Knowl Extr"},{"issue":"1","key":"10.1016\/j.array.2026.100775_b51","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3687300","article-title":"MITRE ATT&CK: State of the art and way forward","volume":"57","author":"Al-Sada","year":"2024","journal-title":"ACM Comput Surv"},{"key":"10.1016\/j.array.2026.100775_b52","article-title":"Applications of llms for generating cyber security exercise scenarios","author":"Yamin","year":"2024","journal-title":"IEEE Access"},{"key":"10.1016\/j.array.2026.100775_b53","series-title":"2024 IEEE international conference on big data","first-page":"2314","article-title":"Generating phishing attacks and novel detection algorithms in the era of large language models","author":"Fairbanks","year":"2024"},{"key":"10.1016\/j.array.2026.100775_b54","series-title":"2024 IEEE 48th annual computers, software, and applications conference","first-page":"1494","article-title":"Enhancing website fraud detection: A ChatGPT-based approach to phishing detection","author":"Schesny","year":"2024"},{"key":"10.1016\/j.array.2026.100775_b55","doi-asserted-by":"crossref","unstructured":"Gressel G, Pankajakshan R, Mirsky Y. Discussion paper: Exploiting llms for scam automation: A looming threat. In: Proceedings of the 3rd ACM workshop on the security implications of deepfakes and cheapfakes. 2024, p. 20\u20134.","DOI":"10.1145\/3660354.3660356"}],"container-title":["Array"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S2590005626000986?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S2590005626000986?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,4,28]],"date-time":"2026-04-28T09:18:47Z","timestamp":1777367927000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S2590005626000986"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,7]]},"references-count":55,"alternative-id":["S2590005626000986"],"URL":"https:\/\/doi.org\/10.1016\/j.array.2026.100775","relation":{},"ISSN":["2590-0056"],"issn-type":[{"value":"2590-0056","type":"print"}],"subject":[],"published":{"date-parts":[[2026,7]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"A systematic literature review of large language models in phishing attack generation and detection","name":"articletitle","label":"Article Title"},{"value":"Array","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.array.2026.100775","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 The Authors. Published by Elsevier Inc.","name":"copyright","label":"Copyright"}],"article-number":"100775"}}