Phishing is the fraudulent attempt to obtain sensitive information by disguising oneself as a trustworthy entity in digital communication. It is a type of cyber attack often successful because users are not aware of their vulnerabilities or are unable to understand the risks. This article presents a systematic literature review conducted to draw a “big picture” of the most important research works performed on human factors and phishing. The analysis of the retrieved publications, framed along the research questions addressed in the systematic literature review, helps in understanding how human factors should be considered to defend against phishing attacks. Future research directions are also highlighted.

中文翻译：

---

网络钓鱼攻击中的人为因素：系统文献回顾

网络钓鱼是通过将自己伪装成数字通信中的可信赖实体来欺诈性地尝试获取敏感信息。这是一种通常会成功的网络攻击，因为用户没有意识到自己的漏洞或无法理解风险。本文介绍了系统的文献综述，旨在描绘关于人为因素和网络钓鱼的最重要研究工作的“大图”。根据系统文献综述中解决的研究问题对检索到的出版物进行分析，有助于了解应如何考虑人为因素来防御网络钓鱼攻击。还强调了未来的研究方向。