Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Human-Centered Cybersecurity

Phishing

Phishing continues to be an escalating cyber threat facing organizations of all types and sizes, including industry, academia, and government.

Our team performs research to understand phishing within an operational (real-world) context by examining user behaviors during phishing awareness training exercises. Our projects provide insights into users’ rationale and role in early detection, and how these might be scaffolded with technological solutions. Recent efforts have focused on the NIST Phish Scale, a method for rating the human detection difficulty of phishing emails considering both the characteristics of the email and the user context of the email's recipient. 

 

Publications


Papers

NIST Phish Scale User Guide paper icon - Shaneé Dawkins & Jody Jacobs. NIST Technical Note 2276 (2023).

How to Scale a Phish: An Investigation Into the Use of the NIST Phish Scale (Poster Abstract) poster icon  - Shaneé Dawkins & Jody Jacobs. Poster session at Symposium on Usable Privacy and Security (SOUPS) (2023).

Scaling the Phish: Advancing the NIST Phish Scale paper icon - Fernando Barrientos, Jody Jacobs, & Shaneé Dawkins. Poster session at International Conference on Human-Computer Interaction (HCII) (2021).

Categorizing Human Phishing Difficulty: A Phish Scale paper icon - Michelle P. Steves, Kristen K. Greene, & Mary F. Theofanos. Journal of Cybersecurity (2020)

A Phish Scale: Rating Human Phishing Message Detection Difficulty paper icon - Michelle P. Steves, Kristen K. Greene, & Mary F. Theofanos. Proceedings of the Workshop on Usable Security (USEC) at the Network and Distributed Systems Security (NDSS) Symposium (2019)

Presentations

Can You Spot a Phish? presentation icon - Jody Jacobs. Presented at Department of the Air Force Blue Cyber Education Series for Small Business (September 26, 2023)

Phishing for User Context: Understanding the NIST Phish Scale presentation icon Recorded presentation video icon- Shaneé Dawkins. Presented at FISSEA Summer Forum (August 23, 2023).

Phishing With a Net: The NIST Phish Scale and Cybersecurity Awareness  presentation icon  Recorded presentation video icon - Shaneé Dawkins & Jody Jacobs. Presented at RSA Conference (April 25, 2023). 

The NIST Phish Scale: Method for rating human phishing detection difficulty (tutorial) presentation icon - Shaneé Dawkins & Jody Jacobs. Presented at Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG) (February 2021).

The New NIST Phish Scale, Revealing Why End Users Click  presentation icon - Shaneé Dawkins, Kristen Greene, & Jody Jacobs. Presented at SecureWorld Expo (2020)

Videos

Introducing Phish Scale video icon (2020)

Blogs

Recognizing and Reporting Phishing - Cybersecurity Awareness Month (2023)

My Research Can Help Protect You -- and Your Company -- From Hackers Trying to Steal Your Money and Information (2023)

Cybersecurity Awareness Month: Fight the Phish (2021)

The Phish Scale: NIST-Developed Method Helps IT Staff See Why Users Click on Fraudulent Emails (2020)

Staff Spotlight: NIST Usable Cybersecurity Featuring Kristen Greene (2020)

Podcasts

Cybercrime Magazine Podcast: The Phish Scale. A new method for training employees (2020)

 

Papers

Peering into the Phish Bowl: An Analysis of Real-World Phishing Cues (Poster Abstract)  poster icon - Lorenzo Neil, Shaneé Dawkins, Jody Jacobs, & Julia Sharp. Poster session at Symposium on Usable Privacy and Security (SOUPS) (2023).

No Phishing Beyond This Point paper icon  - Kristen Greene, Michelle Steves, & Mary Theofanos. IEEE Computer (2018)

User Context: An Explanatory Variable in Phishing Susceptibility paper icon  – Kristen K. Greene, Michelle P. Steves, Mary F. Theofanos, & Jennifer Kostick. Proceedings of the Workshop on Usable Security (USEC) at the Network and Distributed Systems Security (NDSS) Symposium (2018)

Exploratory Lens Model of Decision-Making in Potential Phishing Attack Scenario paper icon - Franklin Tamborello & Kristen Greene. NISTIR 8194 (2017)

Presentations

ISPAB presentation - User Context: An Explanatory Variable in Phishing Susceptibility presentation icon- Kristen Greene, Michelle Steves, & Mary Theofanos. (June 21, 2018)

Videos

You've Been Phished video icon (2018)

 

Created November 17, 2016, Updated March 26, 2024