WhatsPhish: WhatsApp AI Phishing Detector Chatbot
- Conference
- Location
-
Marshall University, Huntington, West Virginia
- Publication Date
-
March 28, 2025
- Start Date
-
March 28, 2025
- End Date
-
March 29, 2025
- Page Count
-
13
- DOI
-
10.18260/1-2--54698
- Permanent URL
-
https://peer.asee.org/54698
- Download Count
-
96
Paper Authors
Fatma Outay College of Technological Innovation, Zayed University
Haroon Malik Marshall University
Abstract
Phishing attacks continue to be a major worldwide cybersecurity concern, resulting in over $17 billion losses every year due to malware distribution, financial fraud, and credential theft. These attacks make conventional detection systems inadequate by taking advantage of human weaknesses and sophisticated escape strategies. Current solutions, like web security technologies like Google Safe Browsing and email phishing filters, have limited real-time reaction capabilities and do not address threats on popular encrypted messaging apps like WhatsApp, which has over 85% of the UAE's population. Furthermore, these systems frequently lack regionally unique datasets, which lessens their ability to detect phishing attempts that are culturally or linguistically specific.
We introduce WhatsPhish, a state-of-the-art real-time phishing detection system driven by OpenAI's GPT-4, to overcome these limitations. The core of WhatsPhish lies in its utilization of GPT-4, a state-of-the-art large language model, pre-trained on vast datasets and fine-tuned for phishing detection. This model is excellent at spotting context-specific phishing trends, differentiating subtle distinctions between malicious and legitimate content, and adjusting to emerging threats. We created a dataset of legitimate and phishing messages specific to the United Arab Emirates, including examples catered to regional linguistic and cultural behaviors, in order to improve regional relevance. The chatbot is further trained using this dataset, increasing detection precision and lowering false positives. WhatsPhish operates through a secure and efficient workflow. When a user sends a message, the system decrypts it using Meta Developer tools while preserving user privacy. The decrypted content is analyzed by GPT-4 for phishing indicators, leveraging both the UAE-specific dataset and advanced Natural Language Processing techniques. For an additional layer of validation, any embedded links are analyzed through the VirusTotal API, ensuring comprehensive threat detection. Finally, the system generates an immediate, actionable response to inform the user of potential risks, all within the secure confines of the WhatsApp platform. Aligned with the UAE’s National Cybersecurity Strategy, WhatsPhish supports the nation’s vision of fostering a secure digital environment amid rapid transformation. With the TDRA prioritizing safe communication, WhatsPhish addresses cyber threats on essential platforms like WhatsApp, offering intuitive tools for non-technical users and the elderly. By tackling localized phishing risks and leveraging AI for proactive threat detection, WhatsPhish contributes to the UAE’s leadership in secure digital transformation and AI-driven innovation, reinforcing trust in digital ecosystems.
Outay, F., & Malik, H. (2025, March), WhatsPhish: WhatsApp AI Phishing Detector Chatbot Paper presented at 2025 ASEE North Central Section (NCS) Annual Conference, Marshall University, Huntington, West Virginia. 10.18260/1-2--54698
ASEE holds the copyright on this document. It may be read by the public free of charge. Authors may archive their work on personal websites or in institutional repositories with the following citation: © 2025 American Society for Engineering Education. Other scholars may excerpt or quote from these materials with the same citation. When excerpting or quoting from Conference Proceedings, authors should, in addition to noting the ASEE copyright, list all the original authors and their institutions and name the host city of the conference. - Last updated April 1, 2015