Commentary

Hint, Hint: Simple Nudges Can Help Overworked Staffers Spot Phishing Emails

People multitasking at work are less likely to detect phishing, according to a new study from Binghamton University, State University of New York.  

That is not totally surprising — workers can easily be distracted when overloaded with information.   

“When working with multiple screens, your attention will never be fully focused on one screen or one particular email, especially when handling urgent tasks,” says Jinglu Jiang, associate professor of the School of Management at Binghamton. “If you want to reply to that email quickly, ignoring those red flags in a phishing email is easy.”  

Of course, this level of distraction may also lower response to sales or marketing emails.  


Response to phishing improved when the researchers introduced reminders and nudges — i.e., a warning that “this email may be fraudulent.” But, as with all types of messaging, a level of personalization is required.

Organizations should “avoid blanket reminder strategies that risk overwhelming employees,” according to the study. “Instead, organizations can design content-aware interventions, like nudges that adapt to the type of phishing attempt.”

For example, some phishing emails focus on gain — i.e., “Claim your gift card now.” Others are based on loss: “Your account will be blocked in 24 hours.”

This all sounds good in theory. But companies must have the ability to identify phishing emails, drill down to that granular level and send real-time alerts.

This study was conducted with 977 participants. According to the report: “Participants memorized work-related details or numbers (their ‘primary task’) while being asked to spot phishing messages (a ‘secondary task’).”

The authors offer these tips for employers, IT managers and security trainers:  

  • Embed nudges into daily tools, from Outlook banners to Slack or Teams integrations.
  • Customize by content: Deliver more reminders for tempting, reward-based scams. 
  • Train for reality: Most phishing training assumes undistracted users, but real-world employees always multitask, so training should reflect that.
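To make the content-aware nudge idea concrete, here is an added illustration (not code from the study or the article): a small function that tags an incoming message as gain-framed or loss-framed using constructed keyword cues, then picks a matching reminder banner and repeats it more often for reward-based lures, as the tips above suggest. The cue lists and banner wording are assumptions for this example.

```python
import re

# Constructed cue lists (an assumption for this example, not taken from the study).
# Gain-framed lures promise something; loss-framed lures threaten to take something away.
GAIN_CUES = [r"\bclaim\b", r"\bgift card\b", r"\bprize\b", r"\breward\b", r"\bbonus\b"]
LOSS_CUES = [r"\bblocked\b", r"\bsuspend", r"\bdeactivat", r"\bin \d+ hours?\b", r"\bexpire", r"\blocked\b"]

# Banner text per framing. Reward-based lures get the reminder repeated (e.g. in the
# preview pane and again above the reply box), matching "more reminders for tempting scams".
NUDGES = {
    "gain": ("Reminder: unexpected rewards are a common phishing lure. Verify the sender before clicking.", 2),
    "loss": ("Reminder: urgent account threats are a common phishing lure. Confirm with IT before acting.", 1),
    "none": ("", 0),
}


def classify_framing(subject, body):
    """Return 'gain', 'loss' or 'none' based on which cue set matches more often."""
    text = f"{subject}\n{body}".lower()
    gain_hits = sum(1 for pattern in GAIN_CUES if re.search(pattern, text))
    loss_hits = sum(1 for pattern in LOSS_CUES if re.search(pattern, text))
    if gain_hits == 0 and loss_hits == 0:
        return "none"
    return "gain" if gain_hits >= loss_hits else "loss"


def build_nudge(subject, body):
    """Return (framing, banner_text, times_to_show) for a mail client to render."""
    framing = classify_framing(subject, body)
    banner, repeats = NUDGES[framing]
    return framing, banner, repeats


if __name__ == "__main__":
    # Constructed sample messages mirroring the two framings described in the article.
    for subj, text in [("Claim your gift card now", "Click here to redeem."),
                       ("Action required", "Your account will be blocked in 24 hours."),
                       ("Lunch", "Meeting at noon.")]:
        print(build_nudge(subj, text))
```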

 
