Combating Phishing in Kenya: A Supervised Learning Model for Enhanced Email Security in Kenyan Financial Institutions

Purpose: Phishing is a serious cybercrime problem that puts people and organizations at risk all around the world, especially in Republic of Kenya's financial institutions. Modern solutions are required because traditional security measures are being challenged by the growing sophistication of phishing attempts. The goal of this thesis is to use artificial intelligence (AI) to create a supervised machine learning model that will alleviate phishing email attacks in the Kenyan financial institutions. Attackers frequently use phishing emails as a means of obtaining unauthorized access to private information, including login credentials, financial information, and personal information. This can lead to identity theft, reputational harm, and monetary losses. Methodology: The suggested framework focuses on using supervised machine learning techniques to recognize and stop phishing emails with accuracy. Four primary parts make up the framework: response, email filtering, feature extraction, and categorization. Four primary steps are involved in developing the framework: gathering data, preparing the data, training the model, and deployment. A thorough dataset of phishing and non-phishing emails is compiled throughout the data collecting phase from a variety of sources, including as public databases, forums on the dark web, and emails from financial institutions staff. Cleaning, classifying, and preprocessing the gathered data are all part of the data preprocessing step, which makes sure the data is appropriate for training the model. Supervised machine learning methods are used in the model training phase to create a reliable detection model. Findings: The system is tested against a dataset of phishing and non-phishing emails particular to the Kenyan financial sectors. The framework's effectiveness is assessed using performance indicators such as accuracy, precision, recall, and the F1-score. The results reveal that the system can correctly detect new phishing emails that were not previously included in the training dataset, demonstrating its adaptability to emerging threats. Unique Contribution to Theory, Practice and Policy: By offering an effective mechanism for detecting and alleviating phishing email attacks, the proposed framework considerably minimizes the risk of data breaches and financial losses in the banking sector.