![[Adobe Stock]](https://sp-ao.shortpixel.ai/client/to_webp,q_glossy,ret_img,w_750,h_375/https://www.psypost.org/wp-content/uploads/2025/08/computer-scam-750x375.jpg)
A new study published in The Journal of Psychology offers evidence that individuals who score higher on socially antagonistic personality traits may be more prone to falling for email phishing scams. The research suggests this susceptibility may be explained, at least in part, by a deficit in social awareness—a component of social intelligence that helps individuals recognize others’ intentions. The findings challenge the idea that manipulative or self-serving people are inherently savvy about deception and instead indicate that such traits may make them easier to exploit.
Phishing emails are a leading cause of cybersecurity breaches around the world. These scams often use social engineering to trick individuals into revealing sensitive information, clicking malicious links, or downloading harmful attachments. Although these emails rely more on exploiting human error than breaking technical firewalls, only a fraction of people actually fall for them. This discrepancy has led researchers to explore what psychological characteristics predict susceptibility.
Among the more provocative hypotheses in the literature is the suggestion that people who exhibit traits associated with the Dark Triad—narcissism, Machiavellianism, and psychopathy—might be especially vulnerable to phishing. These personality traits are often studied in the context of how they enable people to manipulate or exploit others. But some researchers have speculated that these same traits might also make individuals more likely to be deceived, particularly if they impair social awareness or lead to overconfidence.
Previous studies have produced mixed results. Some have found that people with higher levels of narcissism are more likely to trust or respond to scam emails. Others have found no meaningful connection between Dark Triad traits and phishing behavior. A common limitation of these earlier studies was the use of unidimensional personality measures, which do not account for the fact that each Dark Triad trait can manifest in different ways.
The new study, led by William Hart and colleagues at the University of Alabama, aimed to provide a more fine-grained analysis. The researchers examined how specific subtypes of each Dark Triad trait relate to phishing susceptibility, while also considering the potential mediating role of social awareness.
“In addition to trying to understand the personality correlates of one of the most costly types of cyberattacks, we were intrigued by the paradoxical idea that individuals high in ‘dark’ personality traits—people often thought of as manipulators or exploiters—might themselves be more likely to fall for phishing scams,” said Hart, an associate professor. “We suspected this vulnerability might be explained not by gullibility in the traditional sense, but by deficiencies in social awareness, meaning that people high in these traits may fail to appropriately consider others’ motives and intentions.”
The study included 461 undergraduate students, most of whom were female and white, and between the ages of 18 and 19. Participants completed the study online and were compensated with partial course credit. The researchers administered a series of validated questionnaires and behavioral tasks designed to measure Dark Triad traits, social intelligence, cognitive reflectiveness, and susceptibility to phishing.
Each Dark Triad trait was assessed using multidimensional scales. Machiavellianism was measured in terms of “tactics” (manipulative behavior) and “views” (cynical distrust). Narcissism was divided into “rivalry” (antagonistic self-enhancement) and “admiration” (agentic self-promotion). Psychopathy was broken down into interpersonal manipulation, callousness, erratic lifestyle, and criminal tendencies.
To assess social intelligence, the researchers used a scale that distinguishes between two components: social awareness and social information processing. Social awareness refers to sensitivity to social cues and awareness of others’ motivations, while social information processing refers to the ability to analyze and use that social information effectively.
Participants also completed a version of the Cognitive Reflection Test, which measures the tendency to override intuitive but incorrect responses in favor of more reflective thinking. Phishing susceptibility was evaluated using 12 real-looking scam emails. Participants rated each email on how likely they would be to respond, how trustworthy they found it, and how persuasive it seemed. These ratings were combined into a composite phishing susceptibility score.
Initial analyses found that most Dark Triad facets were not directly associated with phishing susceptibility. Only one trait—admiration, the agentic form of narcissism that emphasizes self-promotion and uniqueness—showed a small positive correlation with phishing vulnerability. In other words, people high in narcissistic admiration were slightly more likely to rate scam emails as credible or respond to them.
However, when the researchers looked deeper, they found a pattern. Nearly all of the Dark Triad facets were indirectly associated with greater phishing susceptibility, and this link was explained by lower levels of social awareness. That is, people with higher levels of traits like Machiavellian cynicism, psychopathic callousness, or narcissistic rivalry tended to score lower on social awareness, which in turn made them more vulnerable to phishing scams.
“The consistency of the findings across all the facets of each dark trait was somewhat surprising,” Hart told PsyPost. “Nearly all facets of Machiavellianism, psychopathy, and narcissism showed indirect links to phishing susceptibility through social awareness. These facets do not always predict similar outcomes like that.”
This held true even when controlling for cognitive reflection and social information processing. Social awareness—not intelligence in general or cognitive caution—emerged as a key factor. The one partial exception was admiration. While it was weakly linked to phishing both directly and through social awareness, the indirect effect was only marginally significant.
The study’s regression models further supported these findings. Social awareness and cognitive reflectiveness both predicted lower phishing susceptibility, while most of the Dark Triad facets did not show unique effects once these other variables were included.
Taken together, these results suggest that deficiencies in social awareness are a common thread linking various antisocial traits to increased vulnerability to phishing. These findings also help reconcile earlier mixed results by showing that the apparent absence of direct effects can mask underlying associations mediated by social intelligence.
The results provide evidence that individuals with higher levels of socially aversive traits may not be as immune to manipulation as stereotypes suggest. On the contrary, their lower sensitivity to others’ intentions might make them more likely to fall for socially engineered scams.
“People higher in traits like narcissism, psychopathy, and Machiavellianism were more likely to fall for phishing scams, but this link was explained largely by their lower social awareness rather than the traits themselves,” Hart explained. “It was the ability to detect subtle social cues and consider others’ motives, which is diminished in people higher in these traits, that seemed to play a key role in protecting people from being scammed. Although our effects tended to be small, there may be some benefit to improving social awareness; people may want to pause and consider the sender’s intentions prior to responding to reduce the chances of being victimized.”
There are some limitations to take into account. The sample consisted entirely of college students, which may limit the generalizability of the results to older or more diverse populations. In addition, all measures were based on self-report, which can introduce bias. Future research could use task-based or observational assessments of social awareness and phishing behavior to build on these findings.
Another direction for future research could involve testing how these relationships hold in real-world contexts. For instance, do people high in Dark Triad traits click more often on actual scam emails outside the lab? Do interventions aimed at improving social awareness reduce this tendency?
The study, “Phishing in the Dark: Dark Personality is Associated with Phishing Susceptibility Due to Decreased Social Awareness,” was authored by William Hart, Joshua T. Lambert, and Braden T. Hall.
