# Understanding phishing discussions on Stack Overflow and Information Security Stack Exchange

**Authors:** Kholoud Althobaiti, Mohammad Tahaei

PMC · DOI: 10.1038/s41598-025-33568-5 · Scientific Reports · 2025-12-23

## TL;DR

This paper explores how developers and security professionals discuss phishing on Stack Overflow and Information Security Stack Exchange to understand their challenges and approaches.

## Contribution

The study introduces the Developer Phishing Engagement Framework, offering a new perspective on phishing from a developer-centric viewpoint.

## Key findings

- Stack Overflow discussions focus on implementation issues and usability of phishing defenses.
- Information Security Stack Exchange emphasizes post-incident analysis and ethical concerns.
- Developers face workflow friction due to inconsistent practices and opaque security tools.

## Abstract

Phishing remains a prevalent cybersecurity threat. Given its impact, it is important to understand how technically skilled users interpret and respond to such threats. This paper examines how developers and security professionals discuss phishing on Stack Overflow (SO) and Information Security (IS) Stack Exchange in order to understand their concerns, pain points, and investigative practices. We qualitatively analyzed 140 phishing-related questions (60 from SO and 80 from IS) using inductive open coding and developed the Developer Phishing Engagement Framework, which organizes developer activities into four layers: prevention, detection and reporting, mitigation, and planning. Across the two platforms, we find complementary emphases: SO posts focus on implementation hurdles, false positives, and the usability of defenses, whereas IS posts concentrate on post-incident analysis, impact, and ethical considerations around phishing simulations. Developers demonstrate a strong threat mindset but still face workflow friction caused by inconsistent organizational practices, opaque anti-phishing tools, and security measures that conflict with legitimate workflows. Our findings contribute a developer-centered view of phishing that complements existing user-focused models and provides guidance for designing more realistic anti-phishing tools, training, and organizational policies.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/PMC12848066/full.md

## Figures

4 figures with captions in the complete paper: https://tomesphere.com/paper/PMC12848066/full.md

## References

64 references — full list in the complete paper: https://tomesphere.com/paper/PMC12848066/full.md

---
Source: https://tomesphere.com/paper/PMC12848066