The NIST Phish Scale User Guide is Now Available!
November 20, 2023

The National Institute of Standards and Technology Human-Centered Cybersecurity program is pleased to announce the release of the NIST Phish Scale User Guide.  

The Phish Scale is a method designed to rate an email’s human phishing detection difficulty. It has been adopted by organizations globally to provide an additional metric in their phishing awareness training programs. Phishing training implementers, who run these programs, use the Phish Scale to provide context to the click rate and report rate results from their simulated phishing exercises. 

This Phish Scale User Guide is intended for use by practitioners and provides instructional step-by-step guidance on how to apply the Phish Scale in their phishing awareness training programs. It covers the background and components of the NIST Phish Scale, detailed cue descriptions, interpretation of Phish Scale results, and an interactive NIST Phish Scale Worksheet for applying the Phish Scale to phishing emails.

Email human-cybersec@nist.gov with any questions. Learn more about the NIST Phish Scale and the Human-Centered Cybersecurity program’s phishing research.

Related Topics

Security and Privacy: behavior, general security & privacy, threats, usability

Created November 17, 2023, Updated November 20, 2023