A Multi-Layer Behavioral Framework for Phishing Resilience: Cognitive, Affective, Social, and Organizational Dynamics in the Era of AI-Driven Deception

Phishing succeeds not only through technical exploitation but by targeting how people think, feel, and interact at work. This paper synthesizes research across psychology, human-computer interaction, organizational studies, and security to explain how phishing susceptibility and resilience emerge from interacting cognitive, emotional, social, and structural factors. Resilience is framed as a flexible capacity to detect and manage deceptive communication under distraction, pressure, and relational expectations. The analysis also considers how AI-driven phishing—especially messages generated by large language models—reduces familiar warning cues and enables more convincing impersonation. Using a structured scoping review, we propose a four-layer behavioral framework that integrates heuristic processing, emotional arousal, misplaced trust, and organizational norms. The paper translates these insights into training pathways emphasizing metacognitive awareness, emotional regulation, trust calibration, and supportive workplace design, and concludes with implications for strengthening behavioral resilience against evolving AI-mediated threats.