This is part of the monthly MassAITC webinar series.
Abstract:
Phishing attacks pose a significant threat to users, especially older adults. Existing defenses mainly focus on phishing detection but often cannot explain to lay users why a message is malicious. In this talk, I will discuss how we use Large Language Models (LLMs) to detect SMS phishing while generating evidence-based explanations. The key challenge is that SMS is short, lacking the necessary context for security reasoning. We develop a prototype called SmishX that gathers external contexts to augment the chain-of-thought (CoT) reasoning of LLMs and facilitate the explanation process. I will further discuss our user studies to evaluate the effectiveness and usability of SmishX. Finally, I will discuss the open challenges and opportunities of using AI to help older adults better protect themselves from cybersecurity threats in general.