CSE Faculty Spotlight

Abstract

Social engineering attacks are often treated as a content classification problem, with defenses focused on detecting malicious emails or websites. However, many real-world scams are fundamentally interactive, evolving over time through conversations, persuasion, and adaptive attacker behavior. In this talk, I will argue that understanding and mitigating modern social engineering attacks requires moving beyond passive analysis and toward interactive, measurement-driven methodologies.

To support this view, I will present insights from my recent work that exclusively studies the interactive component of social engineering attacks. This includes large-scale frameworks for baiting scammers on social media platforms, tracking end-to-end scam execution, and quantifying real financial harm, as well as analyses of how attackers coordinate and adapt during live interactions. I will also discuss how qualitative analysis techniques can be used to uncover new insights into how interactive attacks are orchestrated in practice, including which user interface elements and workflows are most frequently exploited.

Building on these results, I will outline my ongoing research agenda focused on AI-driven methodologies for documenting and analyzing interactive social engineering attacks. This work explores how carefully designed AI agents can safely and ethically engage with scammers to collect realistic behavioral data that is otherwise inaccessible, with the goal of enabling more robust, scalable, and ecosystem-level defenses. Ultimately, this research aims to shift the security community’s perspective away from user-centric blame and toward systemic solutions that remain effective even in the presence of human vulnerability.

Biography

Phani Vadrevu is an Assistant Professor in the Department of Computer Science at Louisiana State University. His research spans web security and cybercrime measurement, with a focus on understanding and mitigating real-world social engineering, phishing, and bot-driven attacks. His work combines large-scale empirical measurement, attacker-centric analysis, and human-centered studies to expose weaknesses in deployed security systems and inform practical defenses.

His research has appeared at leading security and networking venues including IEEE Symposium on Security and Privacy, USENIX Security, ACM CCS, NDSS, IMC, and WWW, and has identified vulnerabilities in widely deployed web and email security infrastructures. He has received support from NSF and industry partners and maintains active collaborations across academia and government. In teaching, he develops and delivers hands-on courses in web security and cryptography, and contributes to the research community through sustained program committee service and leadership roles.