Phish Scale: New method helps organizations better train their employees to avoid phishing

2020-09-21 04:30

Researchers at the National Institute of Standards and Technology have developed a new method called the Phish Scale that could help organizations better train their employees to avoid phishing.

Many organizations have phishing training programs in which employees receive fake phishing emails generated by the employees' own organization to teach them to be vigilant and to recognize the characteristics of actual phishing emails.

By using the Phish Scale to analyze click rates and collecting feedback from users on why they clicked on certain phishing emails, CISOs can better understand their phishing training programs, especially if they are optimized for the intended target audience.

All of the data used for the Phish Scale came from NIST. The next step is to expand the pool and acquire data from other organizations, including nongovernmental ones, and to make sure the Phish Scale performs as it should over time and in different operational settings.

"Does the Phish Scale hold up against all the new phishing attacks? How can we improve it with new data?" NIST researcher Shaneé Dawkins and her colleagues are now working to make those improvements and revisions.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/ArGBySz0aBo/

#phish #phishing