Cheating, beguiling, and misleading information exist all around us; understanding deception and its consequences is crucial in our information environment. This study investigates deception in phishing emails that successfully bypassed Microsoft 365 filtering system. We devised a model that explains why some people are deceived and how targeted individuals and organizations can prevent or counter attacks. The theoretical framework used in this study is Anderson's functional ontology construction (FOC). The methodology involves quantitative and qualitative descriptive design, where the data source is the set of phishing emails archived from a Tier 1 University. We looked for term frequency-inverse document frequency (Tf-idf) and the distribution of words over documents (topic modeling) and found the subjects of phishing emails that targeted educational organizations are related to finances, jobs, and technologies. Also, our analysis shows the phishing emails in the dataset come under six categories; reward, urgency, curiosity, fear, job, and entertainment. Results indicate that staff and students were primarily targeted, and a list of the most used verbs for deception was compiled. We uncovered the stimuli being used by scammers and types of reinforcements used to misinform the target to ensure successful trapping via phishing emails. We identified how scammers pick their …