Multitasking significantly impairs employees’ ability to detect phishing emails, with simple notification nudges offering a surprisingly effective countermeasure, according to research involving faculty at Binghamton University.
A study examining 977 participants found that phishing detection accuracy plummeted when working memory load was high. The conditions simulated common workplace scenarios in which employees juggle multiple screens, messaging applications and urgent tasks, against a backdrop of 3.4 billion malicious emails sent daily.
Experiments simulated real-world multitasking conditions by asking participants to memorise work-related details or numbers as their primary task whilst simultaneously identifying phishing messages as a secondary task. Detection performance dropped substantially under these conditions, but improved when researchers introduced brief reminders at strategic moments.
Jinglu Jiang, associate professor at Binghamton University’s School of Management and study co-author, explained the mechanism: “When working with multiple screens, your attention will never be fully focused on one screen or one particular email, especially when handling urgent tasks. If you want to reply to that email quickly, ignoring those red flags in a phishing email is easy.”
The research team designed lightweight interventions that don’t require overhauling existing workflows. Examples include coloured warning banners displayed at the top of suspicious messages in email clients, or small system nudges during calendar notifications advising users to take a second look at potentially fraudulent messages.
The study revealed that reminder interventions do not help equally with all types of phishing message. Goal activation cues proved especially helpful for gain-framed messages promising rewards such as gift cards or prizes. Loss-framed messages warning of imminent account lockouts or security breaches often triggered vigilance independently, reducing the benefit of additional reminders.
This finding suggests organisations should avoid blanket reminder strategies that risk overwhelming employees. Instead, content-aware notifications that adapt to the specific type of phishing attempt offer more targeted protection.
Jiang noted the evolving sophistication of attacks: “The techniques used by these phishers become more sophisticated every day; they’re using fake accounts and, in many instances, masking the sender’s identity. Our study shows that phishing detection can sometimes plummet under multitasking, and then those threat-based, loss-based messages are hardest to detect, no matter what you do. But those little reminders, nudging methods, can actually be very helpful.”
The research offers three recommendations for employers, IT managers and security trainers: embed nudges into daily tools such as Outlook banners or Teams integrations, customise reminder frequency based on message content, and design training programmes that reflect real-world multitasking conditions rather than assuming undistracted users.
The study was published in the European Journal of Information Systems. Co-authors include Xuecong Lu from the University at Albany, and Milena Head and Junyi Yang from McMaster University in Canada.