What’s “phish fatigue”?

Phish fatigue is decreased vigilance from constant exposure to **phishing** attempts and security warnings. Users become desensitized, treating warnings as noise rather than actionable alerts.

Contributing factors: too many false positives, excessive security warnings, complicated reporting procedures, and lack of feedback on reports. When everything seems urgent, nothing is.

Mitigation: reduce false positive rates, streamline reporting, provide feedback showing reports matter, and balance security messaging volume. Quality of alerts matters more than quantity.