Psychological Effects of Phishing Email Exposure: A Review
by Fauzi Adi Rafrastar, Haniza Nahar, Mohammad Radzi Motsidi, Siti Rahayu Selamat, Warusia Yassin, Zulkiflee Muslim
Published: December 26, 2025 • DOI: 10.47772/IJRISS.2025.91100611
Abstract
Phishing emails constitute a persistent and evolving cybersecurity threat, with growing evidence that psychological mechanisms critically shape user susceptibility. Yet existing research remains fragmented, particularly in integrating emotional, cognitive, and contextual determinants with long-term intervention outcomes. This systematic review synthesizes empirical studies, theoretical models, and intervention evaluations published up to mid-2024 across cybersecurity, psychology, and behavioral science. The findings demonstrate that emotional responses (fear, anxiety, and stress) significantly increase vulnerability, while heuristic cognitive processing consistently predicts risk. Personality traits yield mixed associations, though anxiety-related cognitive styles emerge as more robust predictors than broad trait measures. Contextual factors, including message framing and targeted social engineering, further amplify susceptibility. Importantly, while training interventions enhance short-term detection, evidence for sustained behavioral change remains weak, exposing a critical research gap. By advancing an integrative perspective that combines emotional, cognitive, and contextual insights, this review contributes to theory development in human-centered cybersecurity and underscores the need for adaptive, psychologically informed interventions to mitigate the escalating risks of phishing at both individual and organizational levels.