Phishing attacks continuously evolve, yet existing detection models suffer from poor generalizability and robustness due to scarce, outdated, and insufficiently diverse training data—exacerbated by privacy constraints. To address this, we propose PEEK, the first phishing email evolution framework: it integrates persuasion psychology principles with large language models (LLaMA/GPT) to establish an adversarial generative mechanism that produces high-quality, highly diverse, and temporally evolving phishing samples. We introduce the first persuasion-theory-driven LLM adversarial training paradigm, boosting usable sample rate from 21.4% to 84.8%. Detection models trained on PEEK-generated data achieve >88% accuracy, exhibit a 70% improvement in adversarial robustness, and maintain 70% detection accuracy under strong adversarial conditions—substantially outperforming prior LLM-generated datasets.

Phishing remains a pervasive cyber threat, as attackers craft deceptive emails to lure victims into revealing sensitive information. While Artificial Intelligence (AI), in particular, deep learning, has become a key component in defending against phishing attacks, these approaches face critical limitations. The scarcity of publicly available, diverse, and updated data, largely due to privacy concerns, constrains detection effectiveness. As phishing tactics evolve rapidly, models trained on limited, outdated data struggle to detect new, sophisticated deception strategies, leaving systems and people vulnerable to an ever-growing array of attacks. We propose the first Phishing Evolution FramEworK (PEEK) for augmenting phishing email datasets with respect to quality and diversity, and analyzing changing phishing patterns for detection to adapt to updated phishing attacks. Specifically, we integrate large language models (LLMs) into the process of adversarial training to enhance the performance of the generated dataset and leverage persuasion principles in a recurrent framework to facilitate the understanding of changing phishing strategies. PEEK raises the proportion of usable phishing samples from 21.4% to 84.8%, surpassing existing works that rely on prompting and fine-tuning LLMs. The phishing datasets provided by PEEK, with evolving phishing patterns, outperform the other two available LLM-generated phishing email datasets in improving detection robustness. PEEK phishing boosts detectors' accuracy to over 88% and reduces adversarial sensitivity by up to 70%, still maintaining 70% detection accuracy against adversarial attacks.