{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,21]],"date-time":"2026-03-21T21:13:46Z","timestamp":1774127626214,"version":"3.50.1"},"reference-count":62,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"name":"Department of Homeland Security (DHS), United States Secret Service, National Computer Forensics Institute","award":["70US0920D70090004"],"award-info":[{"award-number":["70US0920D70090004"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2025]]},"DOI":"10.1109\/access.2025.3555500","type":"journal-article","created":{"date-parts":[[2025,3,28]],"date-time":"2025-03-28T06:08:25Z","timestamp":1743142105000},"page":"60684-60701","source":"Crossref","is-referenced-by-count":8,"title":["Lateral Phishing With Large Language Models: A Large Organization Comparative Study"],"prefix":"10.1109","volume":"13","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3227-9806","authenticated-orcid":false,"given":"Mazal","family":"Bethany","sequence":"first","affiliation":[{"name":"Department of Information Systems and Cyber Security, The University of Texas at San Antonio, San Antonio, TX, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6747-5938","authenticated-orcid":false,"given":"Athanasios","family":"Galiopoulos","sequence":"additional","affiliation":[{"name":"Department of Information Systems and Cyber Security, The University of Texas at San Antonio, San Antonio, TX, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-4841-0359","authenticated-orcid":false,"given":"Emet","family":"Bethany","sequence":"additional","affiliation":[{"name":"Secure AI and Autonomy Laboratory, San Antonio, TX, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8305-6955","authenticated-orcid":false,"given":"Mohammad","family":"Bahrami Karkevandi","sequence":"additional","affiliation":[{"name":"Secure AI and Autonomy Laboratory, San Antonio, TX, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0151-1617","authenticated-orcid":false,"given":"Nicole","family":"Beebe","sequence":"additional","affiliation":[{"name":"Department of Information Systems and Cyber Security, The University of Texas at San Antonio, San Antonio, TX, USA"}]},{"given":"Nishant","family":"Vishwamitra","sequence":"additional","affiliation":[{"name":"Department of Information Systems and Cyber Security, The University of Texas at San Antonio, San Antonio, TX, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9671-577X","authenticated-orcid":false,"given":"Peyman","family":"Najafirad","sequence":"additional","affiliation":[{"name":"Department of Information Systems and Cyber Security, The University of Texas at San Antonio, San Antonio, TX, USA"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/CCAA.2016.7813778"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/3309074.3309083"},{"key":"ref3","volume-title":"Social Engineering: The Art of Human Hacking","author":"Hadnagy","year":"2010"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/TALE.2018.8615162"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2019.2957750"},{"key":"ref6","article-title":"Zscaler threatlabz 2023 phishing report","author":"ThreatLabz","year":"2023"},{"key":"ref7","volume-title":"Check Point Research Weekly Intelligence Report October 14\u201320, 2024","year":"2024"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1049\/iet-ifs.2018.5090"},{"key":"ref9","first-page":"257","article-title":"Alice in warningland: A large-scale field study of browser security warning effectiveness","volume-title":"Proc. 22nd USENIX Secur. Symp.","author":"Akhawe"},{"key":"ref10","article-title":"Llama 2: Open foundation and fine-tuned chat models","author":"Touvron","year":"2023","journal-title":"arXiv:2307.09288"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/3591196.3596612"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1038\/s41598-023-45644-9"},{"key":"ref13","volume-title":"A Ciso\u2019s Guide to Email Security","year":"2023"},{"key":"ref14","first-page":"1273","article-title":"Detecting and characterizing lateral phishing at scale","volume-title":"Proc. 28th USENIX Secur. Symp.","author":"Ho"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833766"},{"key":"ref16","first-page":"361","article-title":"Sunrise to sunset: Analyzing the end-to-end life cycle and effectiveness of phishing attacks at scale","volume-title":"Proc. 29th Secur. Symp.","author":"Oest"},{"key":"ref17","article-title":"From chatbots to PhishBots\u2014Preventing phishing scams created using ChatGPT, Google bard and claude","author":"Saha Roy","year":"2023","journal-title":"arXiv:2310.19181"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1080\/08874417.2020.1812134"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2013.032213.00009"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.3389\/fcomp.2021.563060"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-181253"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1108\/09685221211219173"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.3389\/fpsyg.2018.00135"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1016\/S1361-3723(12)70007-6"},{"key":"ref25","volume-title":"Brand Phishing Report Q3 2023","year":"2023"},{"key":"ref26","volume-title":"Vade Secure Q3 2023 Phishing and Malware Report","year":"2023"},{"key":"ref27","volume-title":"Spear Phishing: Top Threats and Trends Report 2022","year":"2022"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2015.02.008"},{"key":"ref29","volume-title":"Google Cloud Cybersecurity Forecast 2024","year":"2024"},{"key":"ref30","volume-title":"Top Email Threats and Trends. Key Findings About the Evolution of Email-Based Threats in the Age of Genai","year":"2024"},{"key":"ref31","article-title":"Spear phishing with large language models","author":"Hazell","year":"2023","journal-title":"arXiv:2305.06972"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW59978.2023.00055"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/BigData62323.2024.10825018"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00182"},{"key":"ref35","first-page":"24950","article-title":"DetectGPT: Zero-shot machine-generated text detection using probability curvature","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Mitchell"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/3624725"},{"key":"ref37","article-title":"Deciphering textual authenticity: A generalized strategy through the lens of large language semantics for detecting human vs. machine-generated text","volume-title":"Proc. 33rd USENIX Secur. Symp.","author":"Bethany"},{"key":"ref38","article-title":"KnowPhish: Large language models meet multimodal knowledge graphs for enhancing reference-based phishing detection","author":"Li","year":"2024","journal-title":"arXiv:2403.02253"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.3390\/fi12100168"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1145\/3603163.3609064"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134067"},{"issue":"1","key":"ref42","first-page":"97","article-title":"The weaponization of social media: Spear phishing and cyberattacks on democracy","volume":"71","author":"Bossetta","year":"2018","journal-title":"J. Int. Affairs"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1016\/j.chb.2016.02.050"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103364"},{"key":"ref45","first-page":"259","article-title":"An investigation of phishing awareness and education over time: When and how to best remind users","volume-title":"Proc. 16th Symp. Usable Privacy Secur. (SOUPS)","author":"Reinheimer"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1093\/cybsec\/tyaa009"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/3442181"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2017.10.016"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/eCrime57793.2022.10142092"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/CTS.2011.5928661"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1145\/2020408.2020560"},{"key":"ref52","volume-title":"Google\/Flan-T5-XL","year":"2023"},{"key":"ref53","article-title":"Phishing email detection","author":"Chakraborty","year":"2023"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1007\/s41870-024-01839-5"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1145\/3577923.3583634"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1007\/s10462-024-10973-2"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/icgciot.2015.7380669"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1177\/0268396220918594"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2022.11.083"},{"key":"ref60","first-page":"257","article-title":"Detecting lateral movement in enterprise computer networks with unsupervised graph AI","volume-title":"Proc. 23rd Int. Symp. Res. Attacks, Intrusions Defenses (RAID)","author":"Bowman"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.4324\/9781315618357"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.32727\/8.2023.1"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/6287639\/10820123\/10943116.pdf?arnumber=10943116","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,11]],"date-time":"2025-04-11T04:28:55Z","timestamp":1744345735000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10943116\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":62,"URL":"https:\/\/doi.org\/10.1109\/access.2025.3555500","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]}}}