Phishing detector robustness is fundamentally limited by feature economics—the cost of realistic website modifications—not by model architecture. Attackers can reliably evade detection by exploiting cheap feature changes, making feature design more critical than model choice.
This paper reveals a critical weakness in phishing detection systems: while machine learning models achieve near-perfect accuracy in testing, attackers can easily evade them by making cheap, realistic changes to websites.