Public Instagram posts provide raw material for AI phishing campaigns

Research from the University of Texas at Arlington and Louisiana State University demonstrates that attackers can use a small set of public Instagram posts and modern LLMs (GPT-4, Claude 3 Haiku, Gemini, Gemma, Llama) to cheaply generate large volumes of highly personalized and convincing phishing emails; human testing found these AI-generated messages were often harder to detect than real-world phishing samples, moderation safeguards frequently failed, and only 10–15 posts were typically sufficient to enable scalable targeted campaigns.