Psychological Effects of Phishing Email Exposure: A Review

Phishing emails constitute a persistent and evolving cybersecurity threat, with growing evidence that psychological mechanisms critically shape user susceptibility. Yet, existing research remains fragmented, particularly in integrating emotional, cognitive, and contextual determinants with long-term intervention outcomes. This systematic review synthesizes empirical studies, theoretical models, and intervention evaluations published up to mid-2024 across cybersecurity, psychology, and behavioral science. The findings demonstrate that emotional responses fear, anxiety, and stress significantly increase vulnerability, while heuristic cognitive processing consistently predicts risk. Personality traits yield mixed associations, though anxiety-related cognitive styles emerge as more robust predictors than broad trait measures. Contextual factors, including message framing and targeted social engineering, further amplify susceptibility. Importantly, while training interventions enhance short-term detection, evidence for sustained behavioral change remains weak, exposing a critical research gap. By advancing an integrative perspective that combines emotional, cognitive, and contextual insights, this review contributes to theory development in human-centered cybersecurity and underscores the need for adaptive, psychologically informed interventions to mitigate the escalating risks of phishing at both individual and organizational levels.

Phishing Attacks, Psychological Vulnerability, Cognitive Biases in Cybersecurity, Human-Centered Security, Behavioral Cybersecurity Interventions.

1. Tian, C. A., Jensen, M. L., & Bott, G. J. “The influence of affective processing on phishing susceptibility”. European Journal of Information Systems 2024. [Google Scholar] [Crossref]

2. Lopez-Aguilar, P., Patsakis, C., & Solanas, A. “The Role of Extraversion in Phishing Victimisation: A Systematic Literature Review”. APWG Symposium on Electronic Crime Research 2022. [Google Scholar] [Crossref]

3. Distler, V. “The Influence of Context on Response to Spear-Phishing Attacks: An In-Situ Deception Study”. International Conference on Human Factors in Computing Systems 2023. [Google Scholar] [Crossref]

4. Ebot, A. C. T. “Using stage theorizing to make anti-phishing recommendations more effective”. 2018 [Google Scholar] [Crossref]

5. A. K. Ghazi-Tehrani, H. N. Pontell. “Phishing Envolves: Analyzing the Enduring Cybercrime”. Int. Journal of Evidence-based Research, Policy and Practice 2021, Vol. 16, No. 3, pp. 316–342 [Google Scholar] [Crossref]

6. Z. Alkhalil, C. Hewage, L. Nawaf, I. Khan. “Phishing Attacks: A Recent Comprehensive Study and A New Anatomy”. Frontiers in Computer Science. 2021, Vol. 3, pp. 1-23 [Google Scholar] [Crossref]

7. R. Montanez, E. Golob, S. Xu. “Human Cognition Through the Lens of Social Engineering Cyberattacks”. Frontier in Physchology 2020, Vol. [Google Scholar] [Crossref]

8. K. Khadka, A. B. Ullah, W. Ma, E. M. Marroquin. “A Survey on the Principles of Persuasion as a Social Engineering Strategy in Phishing”. IEEE 22nd Int. Conf. on Trust, Security and Privacy in Computing and Communications 2023, pp. 1-8 [Google Scholar] [Crossref]

9. T. Longtchi, R. M. Rodriquez, K. Gwartney, E. Ear, D. P. Azari, C. P. Kelly, S. Xu. “Quantifying Physchological Sophistication of Malicious Emails”. IEEE Access 2024, pp. 1-22 [Google Scholar] [Crossref]

10. M. Jari. “An Overview of Phishing Victimization: Human Factors, Training and the Role of Emotions”. CCSIT 2022. pp. 217-228 [Google Scholar] [Crossref]

11. F. P. E. Putra, Ubaidi, A. Zulfikri, G. Ariffin, R. M. Ilhamsyah. “Analysis of Phishing Attacks Trends, Impacts and Preventation Methods: Literature Study”. Brilliance Research of Artificial Intelligent 2024, Vol. 4, pp. 413- 421 [Google Scholar] [Crossref]

12. M. Bada, J. R. C. Nurse. “The Social aand Psychological Impact of Cyberattacks. Emerging Cyber Threats and Cognitive Vulnerabilities”. Academic Press 2020 [Google Scholar] [Crossref]

13. G. Norris, A. Brookes. “Personality, Emotion and Individual Differences in Response to Online Fraud”. 2021 [Google Scholar] [Crossref]

14. Goel, S., Williams, K. J., & Dincelli, E. “Got Phished ? Internet Security and Human Vulnerability”. Journal of the Association for Information Systems 2017 [Google Scholar] [Crossref]

15. Hassandoust, F., Singh, H., & Williams, J. E. “The Role of Contextualization in Individuals’ Vulnerability to Phishing Attempts”. Australasian Journal of Information Systems 2020. [Google Scholar] [Crossref]

16. Lopez-Aguilar, P., Patsakis, C., & Solanas, A. “The Role of Extraversion in Phishing Victimisation: A Systematic Literature Review”. APWG Symposium on Electronic Crime Research 2022. [Google Scholar] [Crossref]

17. S. Eftimie, R. Moinescu, C. Racuciu. “Spear-Phishing Susceptibility Stemming from Personality Traits”. IEEE Access 2022. Vol. 10 [Google Scholar] [Crossref]

18. H. Lam, E. Azar, D. Batur, S. Gao, W. Xie, S. R. Hunter, M. D. Rossetti. “Design, Modeling and Simulation of Cybercriminal Personality-based Cyberattack Campaigns”. Proceedings of the 2024 Winter Simulation Conference. [Google Scholar] [Crossref]

19. A. Islam, M. M. Rashid, F. Othman. M. G. Kaosar. “Identifying Personality Treat Associated with Phishing Susceptibility”. Security Journal 2025. [Google Scholar] [Crossref]

20. Taib, R., Yu, K., Berkovsky, S., Wiggins, M. W., & Bayl-Smith, P. “Social engineering and organisational dependencies in phishing attacks”. 2019 [Google Scholar] [Crossref]

21. Marshall, N., Sturman, D., & Auton, J. C. “Exploring Evidence for Email Phishing Training: A Scoping Review”. Computers & Security 2024 [Google Scholar] [Crossref]

22. Pujari, S. R., & Hussain, M. “Human Factor in Cybersecurity: Behavioral Insights into Phishing and Social Engineering Attacks”. Nanotechnology Perceptions 2024. [Google Scholar] [Crossref]

23. Ignatova, E. S. “Manipulation Of Emotional Security By Cybercriminals Using Social Engineering Technologies: A Case Study”. 2024 [Google Scholar] [Crossref]

24. Stalans, L. J., Chan-Tin, E., Moran, M. J., & Kennison, S. M. “Predicting Phishing Victimization: Comparing Prior Victimization, Cognitive, and Emotional Styles, and Vulnerable or Protective E-mail Strategies”. Victims & Offenders 2023 [Google Scholar] [Crossref]

25. Werner, M., & Njenga, K. “Phishing Attack Victims and the Effect on Work Engagement”. 2023 [Google Scholar] [Crossref]

26. Adejobi, J. A., Carroll, F., Nawaf, L., & Montasari, R. “Phishing, Trust And Human Wellbeing”. Web Based Communities 2021. [Google Scholar] [Crossref]

27. Buse, J. H. M., Ee, J., & Tripathi, S. “Unveiling the Unseen Wounds—A Qualitative Exploration of the Psychological Impact and Effects of Cyber Scams in Singapore”. Psychology 2023 Vol. 14. [Google Scholar] [Crossref]

28. Dwivedi, A. “A Comprehensive Review of Phishing in Cybersecurity: Risks, Impacts, and Defence Strategies”. Indian Scientific Journal of Research in Engineering and Management 2024 [Google Scholar] [Crossref]

29. Osman, Z., Alwi, N. H., & Khan, B. N. A. “Psychological Impact on the Public Susceptible to Online Scams”. International Journal of Academic Research in Business & Social Sciences 2024 [Google Scholar] [Crossref]

30. Abdrabou, Y., Dietz, F., Shams, A. M., Knierim, P., Abdelrahman, Y., Pfeuffer, K., Hassib, M., & Alt, F. “Revealing the Hidden Effects of Phishing Emails: An Analysis of Eye and Mouse Movements in Email Sorting Tasks” 2023 [Google Scholar] [Crossref]

31. Hussein, N. “Eye-Tracking In Association With Phishing Cyber Attacks: A Comprehensive Literature Review”. 2023 [Google Scholar] [Crossref]

32. Wang, & Girma. “Psychological tactics of phishing emails: A review”. IACIS International Journal of Information Systems, 2, 71-83. 2020 [Google Scholar] [Crossref]

33. Fall­on, C. K., Baweja, J. A., Yun, J. Y., Thompson, N. D., & Arendt, D. L. “Phishing in the wild: An ecologically valid study of the phishing tactics and human factors that predict susceptibility to a phishing attack.” Pacific Northwest National Laboratory.2021 [Google Scholar] [Crossref]

34. Sarno, D. M. “Which phish is captured in the net? Understanding phishing susceptibility and individual differences.” Applied Cognitive Psychology. 2023 [Google Scholar] [Crossref]

35. AnubisNetworks, “The psychology behind phishing attacks.” (online blog). 2024 [Google Scholar] [Crossref]

36. Halevi, T., Lewis, J., & Memon, N. “Phishing, personality traits and Facebook” 2013 [Google Scholar] [Crossref]

37. “Characteristics that Predict Phishing Susceptibility: A Review”. (2022). NSF Technical Report. [Google Scholar] [Crossref]

38. Butavicius, M., Parsons, K., Pattinson, M., & McCormac, A. “Breaching the human firewall: Social engineering in phishing and spear-phishing emails.” 2016 [Google Scholar] [Crossref]

39. Jie Wang et al. “The dynamic emotional experience of online fraud victims during the process of being defrauded: A text-based analysis” Journal of Consumer Behaviour. 2024 [Google Scholar] [Crossref]

40. Nurse, J. R. C. “Cybercrime and you: How criminals attack and the human factors that they seek to exploit.” 2018 [Google Scholar] [Crossref]

41. Ho, G., Mirian, A., Luo, E., et al. “Understanding the efficacy of phishing training in practice.” IEEE Symposium on Security and Privacy 2025 [Google Scholar] [Crossref]

42. Alluqmani, K., Elsharif Karrar, A., Alhaidari, M., Alharbi, R., & Alharbi, S. “Assessing the efficacy of security awareness training in mitigating phishing attacks: A review.” International Journal of Advanced Trends in Computer Science and Engineering, 14(3), 177-184. 2025 [Google Scholar] [Crossref]

43. Lain, D., Jost, T., Matetic, S., Kostiainen, K., & Capkun, S.”Content, nudges and incentives: A study on the effectiveness and perception of embedded phishing training.” 2024 [Google Scholar] [Crossref]

44. Abdulrahman A, Hussain A, Khalid A, Mounir F, “Phishing simulation as a proactive defense”. International Journal of Advanced Computer Science and Applications. 2025 [Google Scholar] [Crossref]

45. Luke Balcombe, “The Mental Health Impacts of Internet Scams.” PMC. 2025 [Google Scholar] [Crossref]

46. Button, M., et al. “The financial and psychological impact of identity theft among fraud victims.” PMC 2023 [Google Scholar] [Crossref]

47. Vikki Davies, “The psychological impact of phishing attacks on your employees”. Cyber Magazine 2023 [Google Scholar] [Crossref]

48. Moya Crockett, “The secret health hell of being scammed: ‘I felt as though my mind was disintegrating’”. The Guardian. 2024 [Google Scholar] [Crossref]

49. Lombard, M., Snyder-Duch, J., & Bracken, C. C. “Content analysis in mass communication: Assessment and reporting of intercoder reliability.” Human Communication Research, 28(4), 587–604. 2002 [Google Scholar] [Crossref]

50. Miles, M. B., Huberman, A. M., & Saldaña, J. “Qualitative data analysis: A methods sourcebook (3rd ed.)”. Sage. 2014 [Google Scholar] [Crossref]

51. Neuendorf, K. A. “The content analysis guidebook (2nd ed.)”. Sage. 2017 [Google Scholar] [Crossref]

52. O’Connor, C., & Joffe, H. “Intercoder reliability in qualitative research: Debates and practical guidelines.” International Journal of Qualitative Methods, 19, 1–13. 2020 [Google Scholar] [Crossref]

53. Bada, M., & Sasse, M. A. “Cyber security awareness campaigns: Why do they fail to change behaviour?” Global Cyber Security Capacity Centre Technical Report, University of Oxford. 2015 [Google Scholar] [Crossref]

• “Next-Generation Cybersecurity Through Blockchain and AI Synergy: A Paradigm Shift in Intelligent Threat Mitigation and Decentralised Security”
• Forensic Payroll Analytics for IPPIS: A Hybrid Anomaly-Detection Framework to Expose Payroll Fraud, Improve Data Governance, and Protect Employee Rights
• Factors Influencing Data Protection on Global Trade
• Development Of Artificial Intelligence-Based Model for Forensic Analysis of Cross-Platform Deepfakes
• Cyber Threats and Nigeria’s National Security: Assessing the Role of Regional Cooperation in West Africa