Phishing and Fraudulent Email Detection through Transfer Learning using pretrained transformer models

Abstract

Phishing is a type of social engineering attack used by malicious users and cyber criminals for stealing sensitive information, installation of unwanted and malicious software, ransomware, and other advanced persistent threats on a victim’s computer or mobile device. With the widespread adoption of the Internet, phishing attacks are on the rise and the recent work-from-home paradigm has increased the risk of phishing attacks targeted at large and small organizations alike. The consequences of phishing scams are often severe, ranging from financial loss, identity theft, data loss, and data theft. Though there are many ways of launching phishing attacks, phishing emails are one of the most commonly used techniques employed by cybercriminals. This is primarily because email addresses are easily obtainable and sending bulk emails is quite cheap, enabling attackers to send out a large number of emails hoping a few users will fall prey to the scam. Phishing emails are used for stealing sensitive information and credentials, delivering unwanted and malicious software, and delivering ransomware. This paper proposes a deep learning approach for detecting phishing and fraudulent emails. The proposed approach uses state-of-the-art pretrained transformer models and achieves very high accuracy, recall, and f1 score of 0.99.