Phishing emails remain one of the most common tools for cybercriminals. They aim to steal personal details, account credentials, or money. According to Valimail, around 3.4 billion phishing messages are sent every day. IBM estimates that an average incident costs businesses close to $5 million. The findings highlight how small drops in user awareness can translate into major financial risks.
Testing the Effect of Cognitive Load
The study involved close to 1,000 participants. Researchers asked them to review emails while handling memory tasks of varying difficulty. Results showed that when participants carried heavier mental loads, their ability to spot phishing attempts declined sharply. When the mental demand was lighter, accuracy improved.
The experiments suggest that memory and attention play a critical role in phishing detection. If workers are already focusing on difficult tasks, they may fail to notice details such as odd addresses or suspicious links. Divided attention reduces the level of scrutiny people apply to their inbox.
Role of Simple Reminders
The research also tested whether short prompts could help. A brief reminder before checking emails improved performance. Participants became more cautious when they were told that phishing attempts might be present. These reminders did not remove the effect of multitasking, but they reduced the impact.
Messages framed around rewards, such as offers or prizes, were the hardest to resist. People were more likely to believe them unless prompted to take care. In contrast, messages framed as threats, such as warnings about account lockouts, triggered more natural caution even without a prompt.
Training and Realistic Conditions
Many security training programs assume that workers are focused when phishing occurs. The study challenges that assumption. Real working conditions often include noise, interruptions, and simultaneous tasks. The findings suggest that training should reflect these distractions to prepare employees for realistic risks.
Simulated exercises with competing demands may help staff build habits that remain effective under pressure. Without this approach, lessons may not hold up when workers return to busy environments.
Practical Steps for Organizations
The authors highlight several measures that can reduce exposure to phishing:
- Introduce short alerts in email systems to encourage caution before clicking
- Design training that includes real-world distractions
- Teach staff how scammers use both threats and rewards to influence decisions
These steps reflect the idea that people are more vulnerable when attention is stretched thin. A momentary lapse can create an opening for attackers.
Financial Stakes
The cost of a phishing-related breach continues to rise. IBM estimates the average expense at nearly $5 million. Even small improvements in awareness can save companies large sums. Technology filters out many threats, but attackers continue to rely on human error because it cannot be fully automated away.
Shifting the Focus in Cybersecurity
The study shows why understanding human limits is central to defense. Multitasking changes how people judge information. Recognizing this effect can guide organizations in building stronger safeguards. Attention is a finite resource, and in digital workplaces it often gets divided.
The research offers a practical message: protecting information requires more than filters or policies. It requires systems and training that reflect how people actually work. When staff are busy, reminders and context-aware support can help them avoid costly mistakes.
Notes: This post was edited/created using GenAI tools.
