Communications of the ACM

Home/News/The Phish Scale: NIST-Developed Method Helps IT Staff.../Full Text

ACM TechNews

The Phish Scale: NIST-Developed Method Helps IT Staff See Why Users Click on Fraudulent Emails

By NIST
September 18, 2020
Comments

View as: Print Mobile App Share:

Illustration for the Phish Scale. — U.S. National Institute of Standards and Technology researchers have developed the Phish Scale to help organizations train employees to avoid being deceived by seemingly trustworthy emails.

Credit: NIST

Researchers at the U.S. National Institute of Standards and Technology (NIST) have developed the Phish Scale, which could help organizations better train their employees to avoid being deceived by seemingly trustworthy emails.

The scale is designed to help information security officers better comprehend click-rate data, in order to gauge phishing training programs' effectiveness more accurately.

NIST's Michelle Steves said, "The Phish Scale is intended to help provide a deeper understanding of whether a particular phishing email is harder or easier for a particular target audience to detect."

The scale employs a rating system based on message content in a phishing email, highlighting five elements rated on a 5-point scale associated with the scenario's premise.

Trainers use the overall score to analyze their data and rank the phishing exercise's difficulty level as low, medium, or high.

From NIST
View Full Article

No entries found

The Phish Scale: NIST-Developed Method Helps IT Staff See Why Users Click on Fraudulent Emails

3D-Printed Foam Could Boost Helmet Protection

Leveraging Professional Ethics for Responsible AI

Tokenomy of Tomorrow: Envisioning an AI-Driven World