Emotional manipulation in phishing emails : experimental study of affective responses and human classification errors in a simulated email environment

Abstract

Phishing emails are a type of social engineering designed to extract sensitive information from individuals and organizations. Phishing attacks can exploit psychological mechanisms - such as fear and urgency - to trigger impulsive decision-making and security errors. Given the growing threat of phishing in recent years, this paper investigates emotional manipulation through phishing emails by examining affective and behavioral responses in a simulated email environment. To investigate how emotional triggers affect user susceptibility, a laboratory-based study was conducted using simulated email scenarios that closely resembled typical workplace communication patterns, enabling detailed tracking of multimodal responses. Participants interacted with legitimate and phishing emails while their facial expressions, electrodermal activity, and decision behaviors were recorded.Statistical analysis revealed significant correlations between physiological stress indicators and increased susceptibility to various decision-making errors - such as replying to, archiving, or failing to flag phishing emails - particularly when participants were exposed to emotionally charged messages. The findings underscore the need for cybersecurity training approaches that incorporate psychological and emotional dimensions. By identifying key affective states associated with security lapses, this research contributes to the design of more effective awareness strategies and affect-sensitive defense mechanisms.