The Impact of Emerging Phishing Threats: Assessing Quishing and LLM-generated Phishing Emails against Organizations

Conference ACM Asia Conference on Computer and Communications Security


Hanoi, Vietnam

Oneliner: We (are the first to) carry out a large-scale and cross-organizational user study on the effectiveness of quishing and LLM-written phishing emails (spoiler alert: they work very well).

I loved giving the talk, and the conference was, from what I saw, very good… unfortunately, I was not able to enjoy either the conference or Hanoi as much as I had wanted.

First, my flight was scheduled to land at 6am on Monday and… well, roughly at the same time, it was expected that a typhoon (yes, a typhoon!) would hit Vietnam. Thankfully, I managed to get to the hotel before getting caught in a huge storm. Yet, my first two days in Hanoi were spent in my hotel room because there was simply too much rain (the typhoon caused a lot of issues in Vietnam in general).

However, weather aside, the other “problem” was the USENIX Security ‘26 deadline. Not only I had something to submit there (which kept me busy until the very end), but—since I am one of the vice PC chairs—I didn’t have one moment of rest: when the deadline hit, I was “flooded” with all sort of “TODOs” that are typical of these circumstances.

The only moments I could (somehow) enjoy Hanoi was the evening of Thursday. I did not go out of my room (not even to attend the conference) until Thursday evening, when I finally had the time to go out and take a walk across the streets. The city is… something worth seeing at least once, I’d say :) (oh, and if anyone is reading this and is planning to go to Vietnam: you must try the Bun cha)

Slides Video Venue Paper