Phishing detection in multitasking contexts: the impact of working memory load, goal activation, and message framing cue on detection performance

Phishing, a prevalent cyber threat leveraging social engineering, poses significant challenges in the digital landscape. Despite advancements in security technologies, phishing continues to exploit human vulnerabilities, underscoring the need to understand how individuals detect such attacks. Existing research often assumes phishing detection occurs in isolation, overlooking real-world multitasking contexts where competing cognitive demands can hinder detection. This study fills this gap by examining phishing detection in the multitasking context and theorizing the relevant cognitive mechanisms and phishing-specific factors that influence phishing detection performance. Drawing on the memory-for-goals theory, we investigate the effects of working memory load (WML) from the primary task, goal activation (GA) towards phishing detection on performance, and message framing of phishing attacks. Findings from two online experiments reveal that increased WML impairs detection accuracy, while GA improves performance and reduces the negative impact of WML; furthermore, GA plays a more significant role in gain-framed phishing emails compared to loss-framed ones. Our research shifts the focus from message characteristics to the influence of multitasking on phishing detection. The results highlight the need for context-aware interventions that better align with real-world user behaviour, which provides a foundation for designing more effective phishing defences in multitasking digital environments.