LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

How does a phishing e-mail look through the lens of Protection Motivation Theory?

A typical phishing mail (e.g. a fake HR request to "validate your bank details in the new portal") is engineered to keep your threat appraisal LOW and your perceived coping ease HIGH — for the attacker's desired action.

Fiktive Phishing-Mail einer angeblichen Bank, die unter Zeitdruck zum Klick auf einen Reset-Link über eine abgewandelte Domain auffordert.

* Anatomie einer Phishing-Mail: gefälschter Absender, fabrizierte Dringlichkeit und ein Köder-Link — das Threat-Appraisal soll niedrig, die Handlung billig wirken. — Isochrone/Belbury, CC BY 4.0, via Wikimedia Commons. *

The example: an "URGENT: update your contact data for payroll" mail, seemingly from the HR department, asks employees to validate their bank details in a new portal via a link, before a deadline.

The attacker plays PMT in reverse:

  • Suppressing threat appraisal: familiar sender (HR), routine business context (payroll), professional layout — nothing feels dangerous
  • Urgency raises the cost of NOT acting: "by 12:00 today, or your salary transfer is delayed" — now the secure behavior (pausing, verifying) carries perceived costs
  • Making the unsafe action easy: one convenient link — minimal Handlungskosten for the click

The defender must flip the same dials: train people to feel the threat in exactly these routine-looking moments (deadline + bank data + link = stop), and give them a coping action cheaper than compliance — e.g. a report button or a known second channel to verify with HR.

Go deeper:

From Quiz: ISM / The Human Factor — Security Awareness | Updated: Jul 05, 2026