Ron Amsalem (Ariel University), Harel Berger (Ariel University)

Phishing attacks remain a widespread and persistent security threat, increasingly targeting academic institutions and university researchers. Because researchers often publish their contact information online, their email addresses become easy targets for automated harvesting systems. To reduce this risk, many university researchers employ basic obfuscation techniques such as replacing symbols with words (e.g., “name at domain dot com”) to prevent automated tools from identifying their addresses. This study examines whether modern large language models can infer or reconstruct researchers’ true email addresses despite such obfuscation. In particular, we evaluate three widely used models, ChatGPT, Gemini, and Claude, on their ability to extract contact information from webpages of security researchers publishing in leading venues. Our results show that the models differ substantially in their ability to recover obfuscated emails, exhibiting inconsistencies and blind spots. Our evaluation further shows that Gemini performs best (74% correct), followed by ChatGPT (60%) and Claude (40%). We additionally analyze the specific error patterns and points of disagreement across the models.

View More Papers

Anchors of Trust: A Usability Study on User Awareness,...

Xin Zhang (Fudan University), Xiaohan Zhang (Fudan University), Huijun Zhou (Fudan University), Bo Zhao (Fudan University)

Read More

In-Context Probing for Membership Inference in Fine-Tuned Language Models

Zhexi Lu (Rensselaer Polytechnic Institute), Hongliang Chi (Rensselaer Polytechnic Institute), Nathalie Baracaldo (IBM Research), Swanand Ravindra Kadhe (IBM Research), Yuseok Jeon (Korea University), Lei Yu (Rensselaer Polytechnic Institute)

Read More

Work-in-Progress: A Large-Scale Long-term Analysis of Online Fraud across...

Yi Han, Shujiang Wu, Mengmeng Li, Zixi Wang, and Pengfei Sun (F5)

Read More