LLM-Powered Intent-Based Categorization of Phishing Emails
Phishing attacks remain a significant threat to modern cybersecurity, as they successfully deceive both humans and the defense mechanisms intended to protect them. Traditional detection systems primarily focus on email metadata that users cannot see in their inboxes. Additionally, these systems struggle with phishing emails, which experienced users can often identify empirically by the text alone. This paper investigates the practical potential of Large Language Models (LLMs) to detect these emails by focusing on their intent. In addition to the binary classification of phishing emails, the paper introduces an intent-type taxonomy, which is operationalized by the LLMs to classify emails into distinct categories and, therefore, generate actionable threat information. To facilitate our work, we have curated publicly available datasets into a custom dataset containing a mix of legitimate and phishing emails. Our results demonstrate that existing LLMs are capable of detecting and categorizing phishing emails, underscoring their potential in this domain.
View on arXiv@article{eilertsen2025_2506.14337,
title={ LLM-Powered Intent-Based Categorization of Phishing Emails },
author={ Even Eilertsen and Vasileios Mavroeidis and Gudmund Grov },
journal={arXiv preprint arXiv:2506.14337},
year={ 2025 }
}