NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

NIST Phish Scale User Guide

Published

Author(s)

Shanee Dawkins, Jody Jacobs

Abstract

The phishing cyber threat exploits vulnerabilities in the U.S. and around the world across private and public sectors. Embedded phishing awareness training programs, where simulated phishing emails are sent to employees, are designed to prepare employees in these organizations to combat real-world phishing scenarios. Cybersecurity and phishing awareness training implementers and practitioners use the results of these programs, in part, to assess the security risk of their organization. The NIST Phish Scale is a method created for cybersecurity and phishing awareness training implementers to rate an email's human phishing detection difficulty as part of their cybersecurity awareness and phishing training programs. This User Guide outlines the Phish Scale in its entirety while providing instructional steps on how to apply it to phishing emails. Further, appendices include 1) worksheets to assist training implementers in applying the Phish Scale and 2) detailed information regarding email properties and associated research in the literature.
Citation
Technical Note (NIST TN) - 2276
Report Number
2276
NIST Pub Series
Technical Note (NIST TN)
Pub Type
NIST Pubs

Download Paper

https://doi.org/10.6028/NIST.TN.2276
Local Download

Keywords

Business Email Compromise, Cybersecurity, Human-Centered Cybersecurity, Phish Scale, Phishing, Social Engineering, Usable Cybersecurity
Usability and human factors and Information technology

Citation

Dawkins, S. and Jacobs, J. (2023), NIST Phish Scale User Guide, Technical Note (NIST TN), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.TN.2276, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=956851 (Accessed October 1, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created November 15, 2023
Was this page helpful?