ORCID Identifier(s)

0000-0001-6444-2623

Graduation Semester and Year

Spring 2025

Language

English

Document Type

Dissertation

Degree Name

Doctor of Philosophy in Computer Science

Department

Computer Science and Engineering

First Advisor

Shirin Nilizadeh

Abstract

Phishing scams are among the most dangerous and persistent forms of cybercrime, leveraging social engineering to exploit human behavior and obtain sensitive information, leading to widespread identity theft and data breaches. In the past year, these attacks have resulted in financial losses exceeding $10 billion in the United States alone. As phishing scams continue to evolve, they have not only expanded in scale but also grown in sophistication, spreading rapidly across social media and employing adversarial techniques to evade detection by anti-scam tools. The situation is further exacerbated by the availability of advanced phishing kits, and more recently, generative AI, which significantly lowers the barrier for attackers to create and launch these scams. Despite ongoing efforts by phishing blocklists, security tools, and domain registrars, their defenses often fall short against more evasive threats. Meanwhile, outdated cybersecurity training and insufficient browser warnings leave users underprepared to recognize and respond to these attacks effectively.

To address these challenges, this dissertation focuses on characterizing evasive phishing threats across both centralized and decentralized platforms and developing real-time, scalable frameworks to proactively detect and mitigate these scams before they can reach end-users. To achieve this, this work develops six open-source frameworks (Social ThreatFinder, FreePhish, PhishLang, ScamLLM, DarkGram, and PhishXplain), which demonstrate the feasibility of real-time solutions that: 1) curate reliable threat intelligence from social media platforms, such as Twitter, Facebook, and Telegram, to enhance blocklisting, particularly for zero-day threats; 2) identify and prevent the abuse of commercial platforms (e.g., free website builders and social media sites) and AI chatbots (e.g., ChatGPT and Claude) for generating and distributing evasive phishing scams; and 3) expedite zero-day threat detection and provide users with contextual phishing warnings, helping them recognize key scam indicators and improving their overall security awareness.

Keywords

phishing detection, cybersecurity, threat intelligence, security tools, adversarial attacks, security awareness, security frameworks

Disciplines

Artificial Intelligence and Robotics | Cybersecurity | Data Science | Information Security

License

Creative Commons Attribution 4.0 International License
