Phishing attacks are prevalent cyber threats that exploit human vulnerabilities to deceive individuals into disclosing sensitive information. This systematic review aims to identify the behavioral determinants – the various factors that influence a person’s behavior, actions and choices, influencing cybersecurity decisions in phishing contexts.
A systematic search using the preferred reporting items for systematic reviews and meta-analyses framework of three databases – ACM Digital Library, IEE Xplore and Scopus – identified 48 studies published between 2010 and 2025.
Thematic analysis revealed a complex interplay between internal and external factors influencing phishing susceptibility. Internal factors, broadly classified as cognitive processes, emotional responses and knowledge, shape individual decision-making. Phishing process-driven behavioral responses, influenced by contextual factors and interaction with the phishing attempt, contribute to vulnerability.
This comprehensive understanding could inform the development of multifaceted interventions that address both individual and situational factors to enhance cybersecurity awareness and resilience. The study concludes with a discussion of future research directions.
