
Communications of the ACM

ACM TechNews

The Phish Scale: NIST-Developed Method Helps IT Staff See Why Users Click on Fraudulent Emails



U.S. National Institute of Standards and Technology researchers have developed the Phish Scale to help organizations train employees to avoid being deceived by seemingly trustworthy emails.

Credit: NIST

Researchers at the U.S. National Institute of Standards and Technology (NIST) have developed the Phish Scale, which could help organizations better train their employees to avoid being deceived by seemingly trustworthy emails.

The scale is designed to help information security officers better comprehend click-rate data, in order to gauge phishing training programs' effectiveness more accurately.

NIST's Michelle Steves said, "The Phish Scale is intended to help provide a deeper understanding of whether a particular phishing email is harder or easier for a particular target audience to detect."

The scale employs a rating system based on message content in a phishing email, highlighting five elements rated on a 5-point scale associated with the scenario's premise.

Trainers use the overall score to analyze their data and rank the phishing exercise's difficulty level as low, medium, or high.

From NIST

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 
