Open Access

ARTICLE

The Psychological Manipulation of Phishing Emails: A Cognitive Bias Approach

Yulin Yao, Kangfeng Zheng, Bin Wu^*, Chunhua Wu, Jiaqi Gao, Jvjie Wang, Minjiao Yang

School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing, 102209, China

* Corresponding Author: Bin Wu. Email:

Computers, Materials & Continua 2025, 85(3), 4753-4776. https://doi.org/10.32604/cmc.2025.065059

Received 02 March 2025; Accepted 28 June 2025; Issue published 23 October 2025

Abstract

Cognitive biases are commonly used by attackers to manipulate users’ psychology in phishing emails. This study systematically analyzes the exploitation of cognitive biases in phishing emails and addresses the following questions: (1) Which cognitive biases are frequently exploited in phishing emails? (2) How are cognitive biases exploited in phishing emails? (3) How effective are cognitive bias features in detecting phishing emails? (4) How can the exploitation of cognitive biases in phishing emails be modelled? To address these questions, this study constructed a cognitive processing model that explains how attackers manipulate users by leveraging cognitive biases at different cognitive stages. By annotating 482 phishing emails, this study identified 10 common types of cognitive biases and developed corresponding detection models to evaluate the effectiveness of these bias features in phishing email detection. The results show that models incorporating cognitive bias features significantly outperform baseline models in terms of accuracy, recall, and F1 score. This study provides crucial theoretical support for future anti-phishing methods, as a deeper understanding of cognitive biases offers key insights for designing more effective detection and prevention strategies.

---

Keywords

---