Phishing threats are real and are ever increasing in their reach and devastating effects. This study delves into the role of cognitive processing in detecting and curtailing phishing attacks. The proposed model is grounded on the Elaboration Likelihood Model and is tested empirically using data from 192 cases. Data was collected through direct observations of phishing susceptibility and self-reported questionnaires after staging a phishing attack targeting a university population in Nairobi, Kenya. The model was found to have excellent fit and was able to account for 50.8% of a person's cognitive processing of a phishing attack, 69.5% of their ability to detect phishing threats and could predict 28% of their actual phishing susceptibility. Analysis was done to test 25 hypothesis, and to examine the mediating effects of cognitive processing and threat detection. In addition, multi-group moderation analysis was done to examine if the model was invariant based on the level of knowledge. Results indicate that threat detection has the strongest effect in reducing phishing susceptibility. Threat detection was found to be what explains why people who expend cognitive effort processing phishing communication are less likely to fall for phishing threats. •The model is theoretically grounded on the Elaboration Likelihood Model and examines more constructs than previous work.•Excellent fit achieved.•Analysis involves hypothesis testing and also examining of mediation and moderation effects.•Accounts for 69.5% of an individual's Threat Detection, 50.8% of Elaboration can predict 28% of Phishing Susceptibility.•Threat Detection accounts for strongest effect with regards to reducing phishing susceptibility as compared to Elaboration.