A Multi-Layer Model of Psychological Factors and Parametric Approaches for Human-Centric Phishing Prevention

Abstract

Phishing continues to be an evolving cybersecurity menace, leveraging social engineering that preys on human vulnerabilities, such as risk-taking, trust, and cognitive biases. This research aims to systematically model these psychological dimensions using a six-category hierarchical framework Demographic Factors (DF), Digital Literacy (DL), Risk-Taking Behavior (RTB), Trust Perception (TP), Psychological State (PS), and Cognitive Bias (CB) quantified by standardized scales (e.g., DOSPERT, Karolinska Sleepiness Scale). We integrate these factors via either a Hooking Factor (HF) domain-based formula or Logistic Regression (LR), applying SMOTE to mitigate class imbalance in our limited dataset (126 participants, only 8 actual phishing victims). A comparative analysis with existing phishing detection approaches highlights our psychological emphasis and flexible modeling strategy. Our key findings demonstrate: (1) Both HF and LR yield interpretable insights into user-level phishing vulnerability; (2) SMOTE helps minority-class recognition but may inflate performance; and (3) future real-time biometric monitoring of stress or fatigue could boost the model's adaptive capacity. We contribute a human-centric perspective that merges psychological measurement with machine learning for enhanced phishing defense strategies. © 2025 Elsevier B.V., All rights reserved.