Human-Centered Cybersecurity

Phishing

Phishing continues to be an escalating cyber threat facing organizations of all types and sizes, including industry, academia, and government.

Our team performs research to understand phishing within an operational (real-world) context by examining user behaviors during phishing awareness training exercises. Our efforts have provided insights into users’ rationale and role in early detection, and how these might be scaffolded with technological solutions.

Current/recent research projects:

Phish scale - developing a scale to rate the detection difficulty of phishing messages

Past research projects:

Phishing behaviors - understanding why users click or don’t click during phishing training exercises
Phishing lens model - proposed an exploratory computational model of user decision making in a potential phishing attack scenario

Project Links

Overview Events

Additional Pages

About Our Team Media, Podcasts, and Blogs Research Areas Authentication Cryptography Cybersecurity Adoption, Awareness, & Training Internet of Things Phishing Privacy User Perceptions & Behaviors Youth Security Research Publications & Presentations Videos

Contacts

NIST Usable Cybersecurity
usability@nist.gov

Julie Haney
julie.haney@nist.gov

Group

Information Access Division

Topics

Security and Privacy: authentication, behavior, cryptography, general security & privacy, privacy, security programs & operations, usability

Applications: cybersecurity education, cybersecurity workforce, Internet of Things, voting

Created November 17, 2016, Updated September 22, 2023