This analysis reviews Adu-Manu et al.’s interdisciplinary study on phishing, emphasizing how psychological triggers, social behavior, and institutional shortcomings make users vulnerable. It explores how phishing relies more on exploiting human trust than on technical flaws, arguing that lasting solutions must combine user education, organizational policy, and technological tools.
Nicholas Dorsey
03 Aug 2025
Introduction
Phishing has been recorded as one of the most risky and frequent cyber threats due to its human factor of infiltration as opposed to computer vulnerability. Phishing significantly relies on appeals to trust, fear, or urgency, but not direct exploitation of software or networks. Adu-Manu et al. (2022) examine the working mechanisms of phishing and other social engineering attacks in terms of how these practices are carried out to trick users into giving up unauthorized access. According to Adu-Manu et al. (2022), mere technical solutions are not enough. Alternative and more successful defenses must be based on a deeper understanding of human behavior and the social environment. This review discusses how the article connects to social science, the methods and research data analyzed, and the consequences of the findings on public policy, education, plus marginalized groups of people, in general.
Relationship to Social Science Principles
The article by Adu-Manu et al. (2022) shows a significant interdependence of the concept of phishing with the fundamental concepts in the field of social sciences. The article puts much emphasis on the idea that cyberattacks are based on foreseeable human traits as opposed to technical deficiencies, as it fits theories in the psychological field. Phishers employ characteristics like fear, emotion, trust, inquisitiveness, and urgency to exploit victims, and this reflects the relevance of behavioral science towards learning about phishing. They also expose the way social dynamics influence user reactions, especially in such diverse strategies as posing as authority or eliciting an emotional response, and they are not a novelty in sociology or the science of communication. The article highlights institutional weakness, noting that the number of organizations that have no practical training and awareness programs is significant. The failure indicates that the issue has influenced the systemic problems of administrative decision-making, policy enforcement, and organizational culture. It is fundamental to academic areas such as political science and public administration. Adu-Manu et al. (2022) insist that effective cybersecurity measures should transcend technology and work with the behavioural aspects of both individuals and institutions in the real world. Such interdisciplinary research would facilitate a better, humanistic defense of such shifting cyber threats.
Research Questions and Hypotheses
Adu-Manu et al. (2022) examine phishing as a multi-faceted socio-technical problem that necessitates solutions beyond the scope of conventional cybersecurity. The paper aims to determine the most prevalent types of phishing attacks, how human nature can predispose such an attack to succeed, and what mitigation is most effective between technical, social, or combined responses. At the core of the arguments presented by Adu-Manu et al. (2022) is the fact that cybersecurity should not be limited to the use of digital instrumentation and software. They hypothesize that over-reliance on technological defenses makes an individual susceptible to phishing attacks because most phishing attacks target the user, not the system. There are emotional triggers, belief in authority, and unawareness of the user bases that are used by the phishers to fool one. With their definition of phishing as an issue in technology and yet in behavior, the authors urge a seamless approach to control phishing that will enable two weak links, the human and system levels, to be addressed in an intervention. They emphasize user training, awareness creation, institutional strategies, and technology in synchronization to minimize the risk. This broader, more interdisciplinary lens allows focusing the discourse beyond technical solutions to more lasting, people-based approaches.
Research Methods
Adu-Manu et al. (2022) use a Multivocal Literature Review (MLR) concept to explore how the current phishing attacks are evolving and their impact on the social domain in general. By utilizing this technique, Adu-Manu et al. (2022) can include scholarly and grey literature, broadening and diversifying the perspectives. The review is anchored on the period of 2013 to 2023 and would rely on database research like IEEE, Scopus, Springer, Google Scholar, and organizational reports. Adu-Manu et al. (2022) employed structured Boolean search strings in retrieving relevant studies, and as such, a focused and systematic process of data collection was achieved. The review addresses the significant themes that consist of phishing tactics, user psychology, detection systems based on machine learning, and cybersecurity policies, as well as real-life case studies. The use of non-academic literature, like government publications and industry reports, is what makes this work superior to many purely technical reviews. This wider dimension provides a more sensible and practical insight into the mechanics of phishing within the digital and human realm. This produces an interdisciplinary and balanced discussion of phishing as both a social and technological threat.
Types of Data and Analysis
Adu-Manu et al. (2022) employ a qualitative and quantitative analysis to discuss the potential of framing phishing as a multidimensional threat. The qualitative part contains clustering of phishing tactics about the mode of delivering the attack, the level of manipulation applied, and the behavioral characteristics manipulated. Adu-Manu et al. (2022) discuss different types of attacks, including email phishing, vishing, and QRishing, and relate them to emotion-based misuse through fear, curiosity, and urgency. They also provide figures to verify the magnitude of the issue, as phishing attempts were observed to increase significantly during the COVID-19 pandemic, with over 600,000 phishing sites being detected in one quarter alone. This information reaffirms the fast-growing nature of phishing attacks and their adaptability. Adu-Manu et al. (2022) also examine the scope of possible countermeasures, classifying them into user-level interventions, including education and awareness training, and device-level solutions, including machine learning algorithms, blacklist systems, and URL similarity detection. The strengths and weaknesses of each of these methods are well discussed, giving an obvious picture of defense strategies today and how they are limited in real life.
Course Concepts Related to the Article
The article by Adu-Manu et al. (2022) closely matches some of the main concepts we explored in class. It effectively shows how human behavior affects cybersecurity risk by displaying that fears, greed, and curiosity are commonly manipulated during a phishing attack. The paper also supports the notion that phishing is the most pervasive type of social engineering attack, with the attacker attempting to take advantage of psychological and social stimuli to mislead users, an aspect of our coursework. Another key theme is cyber hygiene, where Adu-Manu et al. (2022) discuss the role of education, awareness, and institutional policies in establishing a security-minded culture. The article accentuates that organizational drawbacks and cultural deficiencies raise the level of vulnerability, drawing on the classroom talks on power relationships and institutional failure in organizations. These interconnections make social science more relevant in cybersecurity.
Relevance to Marginalized Groups
Although Adu-Manu et al. (2022) focus on the problem of race, gender, and class, none of these issues are explicitly addressed. The article illustrates a few implications for the marginalized groups. It stresses that people who have low digital literacy, usually older citizens, citizens living in poor neighborhoods, or those who lack educational opportunities, are more prone to phishing attacks. These populations might be unaware of cybersecurity threats or have limited resources that provide appropriate training, making those groups easy targets. The article also mentions frauds that exploit empathy, especially in times of crisis such as the COVID-19 pandemic. In this scenario, attackers were posing as nonprofit institutions to defraud donors who were mainly part of vulnerable or supportive socialist categories. These instances demonstrate that cybersecurity can be heightened in the context of social inequalities. The article also shows that phishing is disproportionately impacting underrepresented and disadvantaged groups, although it is not a primary focus.
Societal Contributions
Adu-Manu et al. (2022) make valuable contributions to the general direction of cybersecurity research, highlighting the importance of human-centered solutions. The article proposes a higher level of education policy and, at the same time, suggests that educational establishments should include phishing awareness and behaviour training in their periodic cybersecurity course. It also highlights the importance of mass awareness campaigns to demystify guidelines on how emotions are used in phishing activities. In policy terms, the paper directs our gaze to the Cybersecurity Act (2020) of Ghana as the ideal example of governmental action. The article redefines cybersecurity not only as a technological problem but also as a behavioural problem. The article cites user behavior as the biggest flaw in digital security, but it states that it can be remedied with appropriate education, system design, and institutional reinforcement.
Conclusion
Adu-Manu et al. (2022) offer an interdisciplinary exploration of phishing and its historical origins in human nature, psychological tricks, and social circumstances. The article discusses the different types of attacks, user weaknesses, and the organizational conditions that enable phishing to succeed. It brings into focus the fact that cybersecurity problems are not solved by the application of technology only, but demand knowledge of official science concepts such as behavior, communication, and institutional responsibility. This view is more pertinent than ever before in today’s world, as we go digital, particularly in the wake of COVID-19 and the expanded online presence. People should be trained and systems architected to understand how humans behave. The article advocates transitioning in mindset: robust cybersecurity may require a combination of technical solutions and cultural awareness, policy change, and education to develop lasting digital resilience.
References
Adu-Manu, K. S., Ahiable, R. K., Appati, J. K., & Mensah, E. E. (2022). Phishing attacks in social engineering: a review. system, 12(17), 18. http://dx.doi.org/10.32604/jcs.2023.041095