NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.
Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.
An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Phishing for User Context: Understanding the NIST Phish Scale
Published
Author(s)
Shanee Dawkins, Jody Jacobs
Abstract
The NIST Phish Scale is a method for measuring human phishing detection difficulty, providing a metric – a phishing email detection difficulty rating – for phishing training implementers to gain a better understanding of the variability in click rates resulting from their phishing training exercises. This talk will give an overview of the role user context plays in phishing detection and how our research led to the creation of the NIST Phish Scale. We will also present the NIST Phish Scale in detail, highlighting new ways to apply it in phishing awareness programs.
Proceedings Title
Federal Information Security Educators (FISSEA) Summer Virtual Forum 2023
Dawkins, S.
and Jacobs, J.
(2023),
Phishing for User Context: Understanding the NIST Phish Scale, Federal Information Security Educators (FISSEA) Summer Virtual Forum 2023, Gaithersburg, MD, US, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=956439
(Accessed October 3, 2025)