During Cybersecurity Awareness Month, the National Institute of Standards and Technology (NIST) has published an article that elaborates on its in-depth research on phishing, revealing tips to keep your personal information safe.
NIST defines phishing as a technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a website, in which the perpetrator masquerades as a legitimate business or reputable person.
Authored by NIST scientist Dr. Shanee Dawkins, the article details how the research project behind the NIST Phish Scale (a method for rating how hard a given phishing email is to detect) identified two major sets of factors that determine whether someone clicks on a phishing email: observable cues and user context.
“The observable cues are in the message itself,” Dawkins explains. “Users are generally good at spotting red flags, such as typos, a personal email address instead of a business one, a generic greeting, and more. We’ve identified 23 of these cues that can help users decide if a message is legitimate.” She also noted that user context has to do with your job. “I’m a researcher, so if someone sent me an email to pay an invoice, I could easily spot that as a phish. That’s not my job. But if you sent that same email to someone in accounts receivable who pays invoices, it might be harder for them to detect.”
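As an added illustration of the two factor sets Dawkins describes, the script below checks a handful of observable cues in a raw email message (a personal webmail sender domain, a generic greeting, urgency language, and a link whose host does not match the sender) and separately tests whether the message's premise lines up with the recipient's job. This is example code written for this page, not NIST's Phish Scale or code from the article: the cue list is a small subset of the 23 NIST cues, the webmail-domain list, keyword patterns, role keywords and the two sample messages are all constructed assumptions, and no difficulty rating is computed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not from the article or NIST).
PHISH = """From: "Acme Corp Billing" <acme.billing.team@gmail.com>
To: ap@example.com
Subject: Overdue invoice - pay now

Dear Customer,

Your invoice #4471 is overdue. Pay immediately at http://acme-billing-portal.example/pay
"""

LEGIT = """From: "Jordan Lee" <jordan.lee@example.com>
To: ap@example.com
Subject: Q3 expense report

Hi Pat,

Attached is the Q3 expense report we discussed on Tuesday.
Thanks, Jordan
"""

# Assumed lists/patterns; a real deployment would tune these to its own mail flow.
PERSONAL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
GENERIC_GREETING = re.compile(
    r"^\s*(dear|hello|hi)\s+(customer|user|member|sir/madam|valued customer)[,!]?\s*$",
    re.I | re.M,
)
URGENCY = re.compile(r"\b(immediately|urgent|overdue|within 24 hours|pay now)\b", re.I)
LINK_HOST = re.compile(r"https?://([^/\s]+)", re.I)


def observable_cues(raw_message, org_domain):
    """Return the list of observable cues found in the message itself.

    org_domain is the recipient organisation's own mail domain; a link pointing
    somewhere other than the sender's or the organisation's domain is flagged.
    """
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    subject = msg.get("Subject", "")
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = subject + "\n" + body

    cues = []
    # Cue: a personal (webmail) address where a business address is expected.
    if sender_domain in PERSONAL_DOMAINS:
        cues.append("personal_sender_domain")
    # Cue: a generic greeting instead of the recipient's name.
    if GENERIC_GREETING.search(body):
        cues.append("generic_greeting")
    # Cue: pressure to act right away.
    if URGENCY.search(text):
        cues.append("urgency_language")
    # Cue: a link whose host is neither the sender's nor the organisation's domain.
    for host in LINK_HOST.findall(body):
        host = host.lower().split(":")[0]
        if host not in (sender_domain, org_domain.lower()):
            cues.append("link_host_differs_from_sender")
            break
    return cues


def premise_matches_role(raw_message, role_keywords):
    """User context: does the message's premise match what the recipient does?

    role_keywords is an assumed set of terms describing the recipient's job
    (e.g. {"invoice", "payment"} for accounts receivable). A premise that fits
    the job is the case Dawkins describes as harder to spot.
    """
    msg = message_from_string(raw_message)
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + "\n" + body).lower()
    return any(kw.lower() in text for kw in role_keywords)


if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label, observable_cues(raw, "example.com"),
              "premise fits AP role:", premise_matches_role(raw, {"invoice", "payment"}))
```

Run as-is, the sample phish trips four cues and its invoice premise fits an accounts-receivable recipient but not a researcher's role keywords; the legitimate message trips none. The cues are only hints for a human reviewer or a training rating, not a classifier: a well-crafted phish sent from a compromised business mailbox with a personalised greeting would pass every check here.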
NIST has also released several important tips to “fight the phish” and keep your personal (or your employer’s) information safe:
Dawkins works in the visualization and usability group at NIST, where she performs research focusing on human-centered design and evaluation guidelines and standards. NIST’s Phish Scale is available for organizations conducting phishing awareness training. Access more on NIST’s Just a Standard Blog page.
ANSI Full Members may submit contributions to [email protected]. All submissions are published at ANSI's discretion, and generally must be a resource that is freely available and/or non-commercial information of significant value to the ANSI community.