The Psychology of Phishing: Why Users Fall Victim to Deceptive Emails

Freyha A. Bahari; Tadzmera A. Daud; Mhesi D. Arabbi; Noralyn I. Jalah; Nuralyn O. Adjid; Fatmahal Abah; Sitti Aiman A. Amiddin; Ayang A. Ibno; Alsanoh S. Abduhail; Masukud Ajijul; Riza M. Sali; Shernahar K. Tahil

Publication Date: 2025/01/08

Abstract: Phishing emails are a type of social engineering attack and are currently among the most widespread cybersecurity threats due to their impact on human psychology. These attacks aim to obtain sensitive information from the user, such as passwords, banking details, or personal information. This research aims to identify the psychological factors that make users vulnerable to phishing, including manipulation of trust and credibility, cognitive biases and heuristics, emotional triggers, social proof, and scarcity. Through the evaluation of these factors, this paper offers information on how phishing schemes exploit authority, self-control bias, and scarcity. Based on its findings, the research addresses the need for increased user awareness and the development of tools to prepare individuals to withstand phishing attacks. This study contributes to the understanding of how and why phishing occurs, and it offers suggestions for addressing the problem.

Keywords: Susceptibility, Psychological Vulnerabilities, Phishing, Heuristics.

DOI: https://doi.org/10.5281/zenodo.14610632

PDF: https://ijirst.demo4.arinfotech.co/assets/upload/files/IJISRT24DEC1968.pdf
