What Makes an Email Insecure: A Fine-Grained Risk Assessment Scheme for Phishing Emails Targeting Attack Vectors

Download PDF
Open Webpage

Ximin Huang, Fangli Ren, Weize Zhang, Xiao Chen, Shuwei Wang, Qiuyun Wang, Zhengwei Jiang

Published: 2025, Last Modified: 05 Jan 2026CSCWD 2025EveryoneRevisionsBibTeXCC BY-SA 4.0
Abstract: As online adversarial tactics escalate, particularly with the utilization of large language models, distinguishing phishing emails from benign ones has become increasingly challenging in terms of appearance and semantics. The use of various techniques, including visual deception and the concealment of malicious attachments, has become more widespread, posing significant challenges to traditional machine learning models that rely on text and semantic features. To address these challenges, this study introduces a Fine-grained Phishing Email Risk Assessment framework (FPERA), which focuses on prevalent attack vectors. By integrating techniques such as deep email header inspection, visual analysis, and threat intelligence, FPERA systematically examines potential risk factors across multiple dimensions and calculates the risk score of emails using a risk weighting matrix. Experimental tests conducted on multiple original datasets and AI-generated datasets have demonstrated that detection targeting attack vectors can more effectively counter phishing tactics like AI-enhanced polishing, email header exploits, and visual deception, while exhibiting consistent stability across different datasets.