Neil, L.
, Dawkins, S.
, Jacobs, J.
and Sharp, J.
(2023),
Peering into the Phish Bowl: An Analysis of Real-World Phishing Cues, Proceedings of the Nineteenth Symposium on Usable Privacy and Security, Anaheim, CA, US, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=956178
(Accessed October 24, 2025)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Peering into the Phish Bowl: An Analysis of Real-World Phishing Cues
Published
Author(s)
, , ,
Abstract
Organizations use simulated phishing awareness train-ing exercises to help users identify, detect, and defend against the ever-changing phishing threat landscape. Realistic phishing emails are used to test users' ability to spot a phish from visible cues. However, there are no metrics aimed at classifying the saliency of these visual cues. In this research, we analyzed different types of cues present in real-world phishing emails. The most common cues and cue types are presented, along with the frequency of their use in real-world phishing emails.Proceedings Title
Proceedings of the Nineteenth Symposium on Usable Privacy and Security
Conference Dates
August 6-8, 2023
Conference Location
Anaheim, CA, US
Conference Title
Nineteenth Symposium on Usable Privacy and Security
Pub Type
Conferences
Download Paper
Keywords
NIST Phish Scale, phishing, usable cybersecurity, cybersecurity awareness training
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact [email protected].
Created August 7, 2023, Updated September 14, 2023