Purpose Phishing attacks are prevalent cyber threats that exploit human vulnerabilities to deceive individuals into disclosing sensitive information. This systematic review aims to identify the behavioral determinants – the various factors that influence a person’s behavior, actions and choices, influencing cybersecurity decisions in phishing contexts. Design/methodology/approach A systematic search using the preferred reporting items for systematic reviews and meta-analyses framework of three databases – ACM Digital Library, IEE Xplore and Scopus – identified 48 studies published between 2010 and 2025. Findings Thematic analysis revealed a complex interplay between internal and external factors influencing phishing susceptibility. Internal factors, broadly classified as cognitive processes, emotional responses and knowledge, shape individual decision-making. Phishing process-driven behavioral responses, influenced by contextual factors and interaction with the phishing attempt, contribute to vulnerability. Originality/value This comprehensive understanding could inform the development of multifaceted interventions that address both individual and situational factors to enhance cybersecurity awareness and resilience. The study concludes with a discussion of future research directions.
Rajan et al. (Thu,) studied this question.