Eye tracking study to analyze context encoding during phishing decision making
Abstract
Phishing and spear-phishing remain among the most persistent cybersecurity threats. This study examines end-user decision-making in spear-phishing contexts by modelling the relationship between visual attention and responses using eye-tracking measures. Forty-eight university students completed an email management task while eye movements were recorded with a Tobii Nano Pro tracker. Participants classified 50 emails (phishing, spear-phishing, promotional, legitimate) drawn from a corpus of 481 messages. Cognitive load was manipulated via concurrent puzzle solving and validated using NASA-TLX. To minimize bias, participants assumed fictional personas and made realistic decisions without explicit phishing instructions. Cognitive load and fatigue showed no significant effect on phishing susceptibility, though later trials exhibited a marginal increase in response bias. In contrast, eye-tracking metrics strongly predicted decisions. Logistic regression revealed that longer first fixation durations and higher saccade counts increased the likelihood of responding, while larger pupil diameters were negatively associated with responses. Beyond the results of the experiment, the study proposes attention-based representations integrating eye-tracking with natural language processing to improve cognitive models.
Keywords: Phishing, Attention, Decision Making
DOI: 10.54941/ahfe1007409


AHFE Open Access