Community Targeted Phishing: A Middle Ground Between Massive and Spear Phishing through Natural Language Generation
This addresses the cybersecurity challenge of phishing for organizations and individuals by introducing a novel middle-ground approach, though it is incremental as it builds on existing NLG techniques.
The paper tackles the problem of phishing by proposing Community Targeted Phishing (CTP), which uses Natural Language Generation (NLG) to target populous communities with machine-tailored emails, and demonstrates workflows for crafting such emails and leveraging advanced NLG to extract and use information from complex datasets to threaten private data.
Looking at today phishing panorama, we are able to identify two diametrically opposed approaches. On the one hand, massive phishing targets as many people as possible with generic and preformed texts. On the other hand, spear phishing targets high-value victims with hand-crafted emails. While nowadays these two worlds partially intersect, we envision a future where Natural Language Generation (NLG) techniques will enable attackers to target populous communities with machine-tailored emails. In this paper, we introduce what we call Community Targeted Phishing (CTP), alongside with some workflows that exhibit how NLG techniques can craft such emails. Furthermore, we show how Advanced NLG techniques could provide phishers new powerful tools to bring up to the surface new information from complex data-sets, and use such information to threaten victims' private data.