NIST Phish Scale Assessment

1. Error

Does the message contain inaccurate spelling or grammar use, including mismatched plurality?
Total Number of inaccuracies
Are there inconsistencies contained in the email message?

2. Technical Indicator

Is there a potentially dangerous attachment?
Does a display name hide the real sender or reply-to email addresses?
Is there text that hides the true URL behind the text?
Is a domain name used in addresses or links plausibly similar to a legitimate entity's domain?

3. Visual Presentation Indicator

Are appropriately branded labeling, symbols, or insignias missing?
Do any branding elements appear to be an imitation or out-of-date?
Does the design and formatting violate any conventional professional practices? Do the design elements appear to be unprofessionally generated?
Are any markers, images, or logos that imply the security of the email present?

4. Language and Content

Does the message contain any legal-type language such as copyright information, disclaimers, or tax information?
Does the email contain details that are superfluous or unrelated to the email’s main premise?
Does the message contain a request for any sensitive information, including personally identifying information or credentials?
Does the message contain time pressure to get users to quickly comply with the request, including implied pressure?
Does the message contain a threat, including an implied threat, such as legal ramifications for inaction?
Does the message lack a greeting or lack personalisation in the message?
Does the message lack detail about the sender, such as contact information?

5. Common Tactic

Does the message make an appeal to help others in need?
Does the message offer anything that is too good to be true, such as having won a contest, lottery, free holiday and so on?
Does the email offer anything just for you, such as a valentine e-card from a secret admirer?
Does the email offer anything that won't last long or for a finite length of time?
Does the message appear to be a work or business-related process, such as a new voicemail, package delivery, order confirmation, notice of invoice?
Does the message appear to be from a friend, colleague, boss or other authority entity?

Total Phish Scale Score

Score
0.00

Phish Scale Category

Few – the phishing email has a lower number of cues with fewer opportunities to identify
the email as a phish

Some – the phishing email has a moderate number of cues

Many – the phishing email has a higher number of cues, with more opportunities to
identify the email as a phish

Phish Scale Categories:

Total Score   Category
1-8           Few - The phishing email has a lower number of cues with fewer opportunities to identify the email as a phish
9-14          Some - The phishing email has a moderate number of cues
15+           Many - The phishing email has a higher number of cues, with more opportunities to identify the email as a phish

Premise Alignment Scoring

1. Does this element attempt to capture premise alignment with workplace process or practice for the target audience?
2. Does this element attempt to reflect pertinence of the premise for the target audience?
3. Does this element align to other situations or events, even those external to the workplace, lending an air of familiarity to the message?
4. Does this element reflect potentially harmful ramifications for not clicking, which raise the likelihood of clicking?
5. Does this element reflect targeted training effects that would lead to premise detection?
Premise Alignment Rating
0.00

WEAK - the alignment of the phishing email's premise to the target audience is low,
making the email easier to detect as a phish

MEDIUM - the alignment of the phishing email’s premise to the target audience is
moderate

STRONG - the alignment of the phishing email’s premise to the target audience is high,
making the email difficult to detect as a phish

Detection Difficulty

Very difficult

Moderately difficult

Moderately to Least difficult

Least difficult