The human firewall: Investigating the impact of chronic motivational orientation, message framing, and cognitive constraints on phishing detection
通过两个实验,研究了个人动机取向(促进vs预防)与信息框架(收益vs损失)、工作记忆负荷和认知需求如何共同影响网络钓鱼邮件的检测能力,为个性化网络安全培训提供依据。
Phishing attacks, often disguised as legitimate communications, exploit human psychology to compromise security. Research on phishing susceptibility suggests that the way phishing messages are framed acts as an external motivational cue, enticing individuals to click on malicious links. However, these studies often overlook the role of individuals’ internal motivational orientation and its interplay with cognitive constraints and message design. The paper investigates how a promotion vs. prevention focus interacts with message framing (gain vs. loss), working memory load (WML), and need for cognition (NFC) to shape phishing detection. Across two experiments, we find that prevention-focused individuals exhibit higher detection accuracy for phishing emails but lower detection accuracy for legitimate emails. For phishing emails, this motivational gap is more pronounced under conditions of low WML or among low-NFC individuals, particularly when emails include gain-framed content. For legitimate emails, the gap is especially salient under low WML and when evaluating messages with gain-framed content. Our findings advance phishing research by demonstrating the joint influence of motivation, cognition, and message design, and offer practical insights for personalized cybersecurity training that adapts to users’ cognitive and motivational profiles to reduce cyber risks.