Blog icon
Register now

Price

Free

Event date and time

Wednesday 22 Jul 2026
4.00pm to 5.00pm AEST

Location

Online virtual event
Login details will be emailed to registrants

Public Profiles as an Attack Surface: LLM-Based Spear Phishing at Scale

Speaker: Stefan Czybik

Pricing

  • Free

Dates and Times

Event date: Jul 2026

Wednesday 22 Jul 2026

Online virtual event

4.00pm to 5.00pm AEST

Login details will be emailed to registrants

Contact

Tina Wu

More information

Abstract:

Large Language Models have shifted the threat landscape for phishing attacks. While the risk is well known, the manual effort required for personalized spear phishing was historically limited by its scalability. This talk presents findings from a large-scale study involving over 7,700 participants, in which LLMs were used to automatically generate personalized phishing emails. By querying public web sources and combining open-source LLMs for profiling and email generation, the system produced tailored messages at a cost of approximately $0.03 per target — nearly tripling click rates compared to generic approaches. These findings raise urgent questions about countermeasures. Beyond this, we put this work in the broader context of configuration-based attack surfaces, examining how human susceptibility and system misconfiguration interact as compounding risk factors.

Bio:

Stefan Czybik is a PhD student in the Machine Learning and Security group at the Berlin Institute for the Foundations of Learning and Data (BIFOLD) and the Technical University of Berlin. His research focus is on attack surfaces on real world systems introduced by configurations and security and privacy in general.