Why multitasking increases the likelihood of getting scammed

By Stephen Beech

Multitasking makes people "significantly" more likely to fall for online scams, warns a new study.

Email users are at greater risk of becoming victims of "phishing" scams when they are trying to do two or more things at once, according to the findings.

Researchers found that multitasking makes phishing detection much more difficult.

Study co-author Professor Jinglu Jiang says when people are overloaded with information, their ability to notice suspicious cues drops.

But the study also points to a surprisingly simple solution: timely "nudges" that can redirect attention when it matters most.

Jiang says that with 3.4 billion malicious emails sent daily, the stakes couldn’t be higher.

She said: “When working with multiple screens, your attention will never be fully focused on one screen or one particular email, especially when handling urgent tasks.

"If you want to reply to that email quickly, ignoring those red flags in a phishing email is easy.

“We designed a plan for a very simple notification system to nudge people about the risk factors, so hopefully phishing messages don’t get lost in the shuffle and people can more efficiently detect them.”

The experiments, conducted with 977 American participants, simulated common multitasking scenarios.

Participants memorised work-related details or numbers - their “primary task” - while being asked to spot phishing messages, a “secondary" task.

The research team found that phishing detection accuracy "plummeted" when working memory load was high.

More from this section

+4

Can dogs slow down aging in women?

+4

New way to fight climate change using coffee

+4

New study suggests stranded dolphins could have dementia

But when the researchers introduced brief reminders, participants’ detection performance improved even during heavy multitasking.

Jiang says the reminders don’t require overhauling workflows.

For example, while juggling multiple spreadsheets or messaging apps, an email client might display a colored warning banner at the top of a suspicious message.

And during calendar notifications or task switching, a small system nudge such as “this message may be fraudulent - take a second look” could redirect attention.

By using the cues at moments when workers are distracted or overloaded, Jiang says firms can help employees refocus on phishing detection precisely when they are most vulnerable.

The study, published in the European Journal of Information Systems, found that some phishing messages are easier to detect than others.

Researchers found that “goal activation” cues - such as reminders - are especially helpful for gain-framed messages that promise rewards, like “claim your gift card now.”

But loss-framed messages - such as “Your account will be locked in 24 hours” - often trigger vigilance on their own, reducing the benefit of an extra reminder.

Jiang, of Binghamton University School of Management in New York, says the insight suggests organizations should avoid blanket reminder strategies that risk overwhelming employees.

Instead, she said firms can design content-aware notifications, such as nudges, that adapt to the type of phishing attempt.

As phishing grows more sophisticated, Jiang says business and organizations that adapt with just-in-time, content-aware interventions will be far better positioned to protect their people and data.

She added, "The techniques used by these phishers become more sophisticated every day.

"They’re using fake accounts and, in many instances, masking the sender’s identity.

“Our study shows that phishing detection can sometimes plummet under multitasking, and then those threat-based, loss-based messages are hardest to detect, no matter what you do.

"But those little reminders, nudging methods, can actually be very helpful.”