Validation of a Phishing Risk Model in the Banking Sector based on Historical Data
Abstract
With the continued digitisation of banking services, phishing remains one of the most significant threats in the banking sector. This paper presents a time-aware, standards-aligned framework for validating a phishing risk model using historical data while addressing class imbalance, calibration, and cost-sensitive thresholds. We outline data sources, privacy safeguards, feature engineering, and modelling families (regularised logistic regression, gradient boosting, random forests), together with blocked time-series validation and a cold hold-out that is never touched during model selection. We emphasise reporting with PR-AUC, ROC-AUC, precision/recall@k, and calibration (Brier score), and connect model quality to operational value in SOC/ERM processes. An illustrative results section shows how precision–recall curves and calibration guide threshold selection and reduce analyst workload at a fixed recall target. The approach supports continuous improvement of anti-phishing defences and provides an auditable protocol for model governance.[1]
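The validation protocol sketched in the abstract (forward-only blocked splits with a cold hold-out, rank-based and calibration metrics, and a threshold chosen for a fixed recall or a fixed cost ratio) is worked through below as an added example; it is not code from the paper, and the scores, labels, block counts and the 10:1 false-negative to false-positive cost ratio are constructed toy values, not the paper's data or results. Only the Python standard library is used, so the metric definitions are explicit rather than hidden behind a library call.

```python
"""Time-aware evaluation helpers for a phishing risk model (added example).

Implements, with no third-party dependencies:
  * blocked forward-only time-series splits plus a cold hold-out block,
  * ROC-AUC, PR-AUC (average precision), precision/recall@k, Brier score,
  * threshold selection at a fixed recall target and at minimum expected cost.
All sample values below are constructed for illustration.
"""


def blocked_time_splits(n_samples, n_blocks, gap=0):
    """Split [0, n_samples) into contiguous blocks in time order. Fold i trains on
    blocks < i (minus `gap` samples just before the test block, to avoid leakage
    from events that span the boundary) and tests on block i. The final block is
    returned separately as the cold hold-out and is never used in cross-validation.
    """
    edges = [round(i * n_samples / n_blocks) for i in range(n_blocks + 1)]
    folds = []
    for i in range(1, n_blocks - 1):
        train = range(0, max(0, edges[i] - gap))
        test = range(edges[i], edges[i + 1])
        folds.append((train, test))
    holdout = range(edges[n_blocks - 1], n_samples)
    return folds, holdout


def _ranked(scores, labels):
    """Pairs (score, label) sorted by descending score."""
    return sorted(zip(scores, labels), key=lambda t: -t[0])


def roc_auc(scores, labels):
    """Probability that a random positive outranks a random negative (ties = 1/2)."""
    pos = [s for s, y in zip(scores, labels) if y == 1]
    neg = [s for s, y in zip(scores, labels) if y == 0]
    wins = sum(1.0 if p > q else 0.5 if p == q else 0.0 for p in pos for q in neg)
    return wins / (len(pos) * len(neg))


def average_precision(scores, labels):
    """PR-AUC as average precision: mean of precision at the rank of each positive."""
    tp, total = 0, 0.0
    for rank, (_, y) in enumerate(_ranked(scores, labels), start=1):
        if y == 1:
            tp += 1
            total += tp / rank
    return total / sum(labels)


def brier_score(probs, labels):
    """Mean squared error of predicted probabilities; lower is better calibrated."""
    return sum((p - y) ** 2 for p, y in zip(probs, labels)) / len(labels)


def precision_recall_at_k(scores, labels, k):
    """Precision and recall when only the top-k scored items are escalated."""
    tp = sum(y for _, y in _ranked(scores, labels)[:k])
    return tp / k, tp / sum(labels)


def pick_threshold(scores, labels, target_recall, cost_fn=10.0, cost_fp=1.0):
    """Walk down distinct thresholds (alert iff score >= t). Returns
    (a) the highest threshold reaching target_recall, i.e. the fewest alerts for
        that recall, and
    (b) the threshold minimising FN*cost_fn + FP*cost_fp (cost-sensitive choice).
    Tied scores are consumed together so each threshold is well defined."""
    ranked = _ranked(scores, labels)
    n_pos = sum(labels)
    fixed = None
    best = {"threshold": None, "cost": n_pos * cost_fn, "alerts": 0}  # alert nothing
    tp = fp = i = 0
    while i < len(ranked):
        t = ranked[i][0]
        while i < len(ranked) and ranked[i][0] == t:
            tp += ranked[i][1]
            fp += 1 - ranked[i][1]
            i += 1
        alerts, recall = tp + fp, tp / n_pos
        cost = (n_pos - tp) * cost_fn + fp * cost_fp
        if fixed is None and recall >= target_recall:
            fixed = {"threshold": t, "alerts": alerts, "precision": tp / alerts, "recall": recall}
        if cost < best["cost"]:
            best = {"threshold": t, "cost": cost, "alerts": alerts}
    return fixed, best


# Constructed toy scores for one evaluation block (1 = confirmed phishing).
SCORES = [0.95, 0.90, 0.80, 0.70, 0.60, 0.55, 0.40, 0.30, 0.20, 0.10]
LABELS = [1, 1, 0, 1, 0, 1, 0, 0, 0, 0]


def evaluation_report(scores=SCORES, labels=LABELS, target_recall=0.75):
    """The metrics the paper says to report, plus the two threshold choices."""
    fixed, cheapest = pick_threshold(scores, labels, target_recall)
    p3, r3 = precision_recall_at_k(scores, labels, 3)
    return {
        "roc_auc": roc_auc(scores, labels),
        "pr_auc": average_precision(scores, labels),
        "brier": brier_score(scores, labels),
        "precision@3": p3,
        "recall@3": r3,
        "threshold_at_recall": fixed,
        "cost_optimal": cheapest,
    }


if __name__ == "__main__":
    folds, holdout = blocked_time_splits(100, n_blocks=5, gap=5)
    for train, test in folds:
        print(f"train {train} -> test {test}")
    print(f"cold hold-out: {holdout}")
    for name, value in evaluation_report().items():
        print(f"{name}: {value}")
```

On the toy block, the recall-driven rule escalates 4 of 10 messages at threshold 0.70 to catch 3 of 4 phishing cases, while the cost-sensitive rule (a missed phish costed at ten false positives) drops to 0.55 and escalates 6; the gap between the two is exactly the analyst-workload trade-off the abstract refers to, and the Brier score is what tells you whether the scores are trustworthy enough to read those thresholds as probabilities at all.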