Ron Amsalem (Ariel University), Harel Berger (Ariel University)
Phishing attacks remain a widespread and persistent security threat, increasingly targeting academic institutions and university researchers. Because researchers often publish their contact information online, their email addresses become easy targets for automated harvesting systems. To reduce this risk, many researchers employ basic obfuscation techniques, such as replacing symbols with words (e.g., “name at domain dot com”), to prevent automated tools from identifying their addresses. This study examines whether modern large language models can infer or reconstruct researchers’ true email addresses despite such obfuscation. In particular, we evaluate three widely used models, ChatGPT, Gemini, and Claude, on their ability to extract contact information from the webpages of security researchers publishing in leading venues. Our results show that the models differ substantially in their ability to recover obfuscated emails, exhibiting inconsistencies and blind spots: Gemini performs best (74% correct), followed by ChatGPT (60%) and Claude (40%). We additionally analyze the specific error patterns and points of disagreement across the models.