Multitasking makes you more likely to fall for phishing emails, experiments show


Picture this: You’re on a Zoom call, Slack is buzzing, three spreadsheets are open, and your inbox is pinging. In that moment of divided attention, you miss the little red flag in an email. This is how phishing sneaks in, and with 3.4 billion malicious emails sent daily, the stakes couldn’t be higher.
A new study involving professors from the School of Management at Binghamton University, State University of New York, shows that multitasking significantly worsens phishing detection: when people are overloaded with information, their ability to notice suspicious signals diminishes. But the study also points to a surprisingly simple solution: gentle, timely nudges that can redirect attention when it matters most.
“When working with multiple screens, your attention will never be fully focused on a particular screen or email, especially when dealing with urgent tasks. If you want to respond to that email quickly, it’s easy to ignore the red flags in a phishing email,” said SOM associate professor Jinglu Jiang, co-author of the study. “We designed a plan for a very simple notification system to get people aware of the risk factors, to hope that phishing messages don’t get lost in the shuffle and people can detect them more effectively.”
The experiments, conducted with 977 participants, simulated common multitasking scenarios. Participants memorized work-related details or numbers (their “primary task”) while being asked to spot phishing messages (a “secondary task”).
The researchers found that phishing detection accuracy decreased when working memory load was high. However, when the researchers introduced brief reminders, participants’ detection performance improved, even under intensive multitasking conditions.
These reminders do not require redesigning workflows. For example, when juggling multiple spreadsheets or email applications, an email client might display a colorful warning banner at the top of a suspicious message.
During calendar notifications or task switching, a gentle nudge from the system such as “this message may be fraudulent – take a second look” could redirect attention. By using these signals when employees are distracted or overloaded, organizations can help them refocus on phishing detection precisely when they are most vulnerable.
The study also found that not all phishing messages are equal. “Goal activation” signals (like reminders) are particularly useful for win-framed messages that promise rewards, such as “claim your gift card now.” On the other hand, messages framed by loss (“Your account will be locked in 24 hours”) often trigger vigilance on their own, thus reducing the benefit of an additional reminder.
According to the study, this finding suggests that organizations should avoid blanket reminder strategies that risk overwhelming employees. Instead, they can design content-aware notifications, such as nudges, that adapt to the type of phishing attempt.
As phishing becomes more sophisticated, Jiang said, organizations that adapt with just-in-time, content-aware interventions will be much better positioned to protect their people and their data.
“The techniques used by these phishers are becoming more sophisticated every day; they use fake accounts and, in many cases, hide the identity of the sender,” Jiang explained. “Our study shows that phishing detection can sometimes break down when multitasking, and that these threat- and loss-based messages are then harder to detect, no matter what you do. But these little reminders, these nudging methods, can actually be very useful.”
For employers, IT managers and security trainers, the study offers recommendations:
- Integrate nudges into everyday tools, from Outlook banners to Slack or Teams integrations.
- Personalize by content: Send more reminders for tempting rewards-based scams.
- Train for reality: Most phishing training assumes users aren’t distracted, but real-world employees are multitasking, so training needs to take this into account.
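
One way to express the content-aware, just-in-time nudge policy recommended above, as an added example that is not from the study or the article. The cue lists, thresholds, hourly cap, the `risk` score from an upstream mail filter and the `busy` signal are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Constructed cue lists (illustrative assumptions, not taken from the study).
GAIN_CUES = [r"\bclaim\b", r"\bgift card\b", r"\breward\b", r"\bprize\b", r"\bbonus\b"]
LOSS_CUES = [r"\blocked\b", r"\bsuspended\b", r"\bexpires?\b", r"\boverdue\b",
             r"\bin \d+ hours\b"]

# Hypothetical policy values: gain-framed mail is nudged at a lower risk score,
# loss-framed mail (which tends to raise vigilance by itself) at a higher one.
THRESHOLD = {"gain": 0.3, "neutral": 0.5, "loss": 0.7}
BUSY_DISCOUNT = 0.1       # nudge earlier while the user is multitasking
MAX_NUDGES_PER_HOUR = 3   # cap so reminders never become a blanket strategy


@dataclass
class Context:
    risk: float            # 0..1 score from an upstream mail filter (assumed)
    busy: bool             # e.g. in a meeting or rapidly switching windows
    nudges_last_hour: int  # reminders already shown to this user


def framing(text: str) -> str:
    """Classify a message as gain-framed, loss-framed or neutral by cue count."""
    t = text.lower()
    gain = sum(bool(re.search(p, t)) for p in GAIN_CUES)
    loss = sum(bool(re.search(p, t)) for p in LOSS_CUES)
    if gain > loss:
        return "gain"
    if loss > gain:
        return "loss"
    return "neutral"


def nudge_for(text: str, ctx: Context):
    """Return the banner text to show, or None when no reminder is warranted."""
    if ctx.nudges_last_hour >= MAX_NUDGES_PER_HOUR:
        return None
    frame = framing(text)
    threshold = THRESHOLD[frame] - (BUSY_DISCOUNT if ctx.busy else 0.0)
    if ctx.risk < threshold:
        return None
    if frame == "gain":
        return "This message promises a reward and may be fraudulent: take a second look."
    return "This message may be fraudulent: take a second look."
```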
The study, titled “Phishing detection in multitasking contexts: impact of working memory load, goal activation and message framing signal on detection performance,” is published in the European Journal of Information Systems. It was co-authored by Xuecong Lu of the University at Albany, as well as Milena Head and Junyi Yand of McMaster University in Canada.
More information:
Xuecong Lu et al, Phishing detection in multitasking contexts: impact of working memory load, goal activation and message framing on detection performance, European Journal of Information Systems (2025). DOI: 10.1080/0960085x.2025.2548543
Provided by Binghamton University
Citation: Multitasking makes you more likely to fall for phishing emails, experiments show (October 11, 2025) retrieved October 11, 2025 from https://phys.org/news/2025-10-multitasking-fall-phishing-emails.html



