You're wrapping up a document, keeping three client names in your head, when your email notification pops up. You quickly scan it-it looks like your bank needs you to verify something. Click. Done. Back to work.
Sound familiar? That split second when you're juggling multiple thoughts is exactly when hackers want to reach you. New research from McMaster University confirms what many of us suspected but hoped wasn't true: we make our worst security decisions when our brains are already busy with something else. The study found that people who were asked to remember information while reviewing emails showed significantly worse judgment about which messages were real and which were traps. When participants held eight digits in memory, rather than just two, their ability to spot phishing attempts dropped significantly.
Here's what makes this finding so troubling for all of us. We don't check emails during quiet, focused moments. We scan them between phone calls, during closings, while reviewing contracts, or when managing multiple transactions simultaneously. Our brains are already loaded with property addresses, closing dates, wire instructions, and client details. That's precisely when a convincing phishing email about a wire transfer change or an urgent document request slips through our defenses.
The researchers explain it using a theory called Memory-for-Goals. Basically, when your attention shifts from one task to another, the mental reminder to "check this carefully" fades from your mind. You have to recall that goal before you can apply it actively. According to this theory, the cognitive task of reviewing emails for potential threats must be actively maintained in mind, as it can be easily overshadowed when working memory is already occupied with other demands.
The good news - study found that simple reminders work. When people received a brief prompt to watch for phishing right before checking their emails, their detection accuracy improved, especially for messages offering rewards such as refunds or prizes. These "gain-framed" messages are particularly dangerous because they sound positive and don't trigger our natural suspicion the way threatening messages do.
Here are your takeaways:
- Never process wire instructions or financial requests when you're juggling other tasks. Stop what you're doing, clear your head, and give it your full attention
- Build a mental pause before clicking on any link or attachment. Count to three and ask yourself: "Am I focused right now, or am I splitting my attention?"
- Create external reminders for yourself. A sticky note on your monitor saying "Verify before clicking" serves the same purpose as the prompts in the study
- Verify via a different channel whenever you're busy or receive an unexpected request. If an email arrives during a hectic moment, pick up the phone and call using a number you already have-not one from the email
- Schedule specific times to check and process important emails, rather than responding immediately when notifications arrive while you're working on other tasks. Outlook allows you to automatically find the time and block a "focus time" on your calendar - change "focus time" to "catch up on messages" and voila
This explains why even experienced professionals fall for wire fraud schemes. It's not ignorance-it's mental overload at exactly the wrong moment. An escrow officer managing five transactions simultaneously is far more vulnerable than the same person reviewing emails during a quiet afternoon.
#ALTACyber
------------------------------
Genady Vishnevetsky
Chief Info Security Officer
Stewart Title Guaranty Company
Houston TX
------------------------------