Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Peering into the Phish Bowl: An Analysis of Real-World Phishing Cues

Published

Author(s)

Lorenzo Neil, Shanee Dawkins, Jody Jacobs, Julia Sharp

Abstract

Organizations use simulated phishing awareness train-ing exercises to help users identify, detect, and defend against the ever-changing phishing threat landscape. Realistic phishing emails are used to test users' ability to spot a phish from visible cues. However, there are no metrics aimed at classifying the saliency of these visual cues. In this research, we analyzed different types of cues present in real-world phishing emails. The most common cues and cue types are presented, along with the frequency of their use in real-world phishing emails.
Proceedings Title
Proceedings of the Nineteenth Symposium on Usable Privacy and Security
Conference Dates
August 6-8, 2023
Conference Location
Anaheim, CA, US
Conference Title
Nineteenth Symposium on Usable Privacy and Security

Keywords

NIST Phish Scale, phishing, usable cybersecurity, cybersecurity awareness training

Citation

Neil, L. , Dawkins, S. , Jacobs, J. and Sharp, J. (2023), Peering into the Phish Bowl: An Analysis of Real-World Phishing Cues, Proceedings of the Nineteenth Symposium on Usable Privacy and Security, Anaheim, CA, US, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=956178 (Accessed October 9, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created August 7, 2023, Updated September 14, 2023