This study addresses the critical gap in cybersecurity research concerning marginalized populations by investigating how linguistic triggers—particularly English proficiency and pragmatic features—influence susceptibility to phishing attacks among African refugee and migrant students. Employing a mixed-methods approach, it integrates digital literacy workshops, controlled phishing experiments, and comparative analysis across refugee and local student cohorts, grounded in social engineering and applied linguistics frameworks. Results demonstrate that while digital training enhances general security awareness, limited English proficiency and underdeveloped digital competencies significantly increase phishing vulnerability among refugees. Notably, data leakage occurred across all groups, underscoring the universal need for critical cybersecurity literacy. The study makes three key contributions: (1) it is the first to empirically examine phishing susceptibility specifically within African refugee communities; (2) it advances methodological innovation by integrating linguistic analysis into cybersecurity intervention design; and (3) it provides evidence-based recommendations for inclusive, multilingual anti-phishing strategies and policy frameworks that center marginalized users.

Phishing and sophisticated email-based social engineering attacks disproportionately affect vulnerable populations, such as refugees and immigrant students. However, these groups remain understudied in cybersecurity research. This gap in understanding, coupled with their exclusion from broader security and privacy policies, increases their susceptibility to phishing and widens the digital security divide between marginalized and non-marginalized populations. To address this gap, we first conducted digital literacy workshops with newly resettled African refugee populations (n = 48) in the US to improve their understanding of how to safeguard sensitive and private information. Following the workshops, we conducted a real-world phishing deception study using carefully designed emails with linguistic cues for three participant groups: a subset of the African US-refugees recruited from the digital literacy workshops (n = 19), African immigrant students in the US (n = 142), and a control group of monolingual US-born students (n = 184). Our findings indicate that while digital literacy training for refugees improves awareness of safe cybersecurity practices, recently resettled African US-refugees still face significant challenges due to low digital literacy skills and limited English proficiency. This often leads them to ignore or fail to recognize phishing emails as phishing. Both African immigrant students and US-born students showed greater caution, though instances of data disclosure remained prevalent across groups. Our findings highlight, irrespective of literacy, the need to be trained to think critically about digital security. We conclude by discussing how the security and privacy community can better include marginalized populations in policy making and offer recommendations for designing equitable, inclusive cybersecurity initiatives.