The National Institute of Standards and Technology Human-Centered Cybersecurity program is pleased to announce the release of the NIST Phish Scale User Guide.
The Phish Scale is a method designed to rate an email’s human phishing detection difficulty. It has been adopted by organizations globally to provide an additional metric in their phishing awareness training programs. Phishing training implementers, who run these programs, use the Phish Scale to provide context to the click rate and report rate results from their simulated phishing exercises.
This Phish Scale User Guide is intended for use by practitioners and provides step-by-step guidance on how to apply the Phish Scale in their phishing awareness training programs. It covers the background and components of the NIST Phish Scale, detailed cue descriptions, interpretation of Phish Scale results, and an interactive NIST Phish Scale Worksheet for applying the Phish Scale to phishing emails.
Email human-cybersec[at]nist[dot]gov with any questions. Learn more about the NIST Phish Scale and the Human-Centered Cybersecurity program’s phishing research.