Cybersecurity breaches often target human psychological vulnerabilities.

Cyber threats affect millions.

Cybersecurity is an important new career opportunity.

Media psychology is fundamental in cybersecurity.

Cyber threats are are not only ominous and real, affecting millions of citizens, but growing in sophistication and frequency. Cybersecurity breaches often target human vulnerabilities.

Media psychology, particularly the study of how and why people perceive, process, and act on digital information—offers key insights into why individuals fall for cyber manipulation. In my media psychology courses, we study more than 50 theories that may apply to cybersecurity situations and how they can be used to protect against breach and manipulation. Among the 50 are the following five.

Cyber attackers frequently embed persuasion cues such as authority, urgency, and scarcity into their phishing messages. During the COVID‑19 pandemic, for example, the FBI discovered a spike in phishing emails impersonating corporate IT departments by having subject lines like “Mandatory Password Reset—Action Required Immediately.”

Attempts such as this use the appeal of authority and urgency to increase user compliance.[1] The obvious goal of the deceivers was to persuade a user to provide a password for unsavory purposes. Protecting against this type of deception is fundamental in the cybersecurity of systems design.

2. Attention and Cognitive Confusion

Media psychology postulates that attention is limited and also easily disrupted. Attackers exploit moments of distraction by creating strategic multitasking. For example, a Google/Jigsaw study found that users are twice as likely to click phishing links when cognitively overloaded with tasks and messages. [2] This demonstrates how the design of code layers for purposes of confusion increases susceptibility.

Expressing bias shapes how people react to digital messages, often leading to predictable errors. For example, a UPS/FedEx phishing wave succeeded because attackers exploited confirmation bias (people expected package delays) and optimism bias (believing they were unlikely targets).[3]

Emotionally charged content triggers pressure on decision‑making, bypassing analytical reasoning. For example, cybersecurity research reveals breaches caused by tech support scams through the use of alarming pop‑up messages, such as,“Your device is infected—call support immediately.” [4] The media psychology here identifies how fear-based appeals entice users into compliance with false requests.

5. Social Identity and Group Influence

People trust messages that appear to come from their in-group because they have familiar communication patterns. For example, The Department of Justice reported that at the 2016 Democratic National Committee, a major breach succeeded partly because phishing emails mimicked legitimate internal communication styles, in which social identity cues were used to reduce suspicion. [5] Perpetrators persuaded receivers to respond to false messages of perceived legitimacy.

Cybersecurity is an increasingly important new-collar job and career opportunity. Media psychology is fundamental in cybersecurity because it explains why users fall for digital manipulation.

Cyber threats are rampant, and, as they design new systems to properly protect consumers, cybersecurity experts must understand and work with theories in media psychology. Cybersecurity is an increasingly important field and offers new-collar career opportunities.

Experts in cybersecurity trumpet a major admonition to “pay thoughtful attention.” Development of education programs in cybersecurity is increasingly important, and, because behavior matters, media psychology is an important subject in the technical design of systems.

Within the American Psychological Association, members of the Society for Media Psychology and Technology, Media Psychology, Division 46, study and report on the nature and application of media psychology in cybersecurity design.

1. Federal Bureau of Investigation. Public Service Announcement: COVID‑19 Related Phishing Attacks. FBI Internet Crime Complaint Center (IC3), 2020.

2. Google & Jigsaw. The Phishing Playbook: Understanding User Susceptibility. Google Security Research Report, 2019.

3. Proofpoint. 2021 State of the Phish Report. Proofpoint Cybersecurity Research, 2021.

4. Federal Trade Commission. Tech Support Scams: Consumer Sentinel Network Data Book. FTC, 2018.

5. U.S. Department of Justice. Report on the Investigation into Russian Interference in the 2016 Presidential Election, Vol. I, 2019.

© Psychology Today