Sending phishing emails is one of the avenues for adversaries to gain access to information and cause loss to the organization. The importance of security training awareness lies in the fact that all the adversaries need is a compromised phishing email that can create a major impact on the organization. Processes and tools can help to reduce the volume of emails sent to the users but not after the email has been received by the end-user. Phishing scams are more than 25 years old and they have been continuously evolving including replicating fake websites. Low click rates for simulated phishing emails may not be an ideal measure to test the effectiveness of the training. Also, phishing emails targeted to each organization may differ because of various reasons such as industry, market growth. The NIST phish scale helps you to understand your organizations' phishing vulnerabilities, train the end-users to combat the evolving phishing threats. The phish scale consists of five types of cues and helps you to quantify a phishing email targeted at your organization. In this talk, I will be walking the NIST phish scale, evolving phishing threats, build an effective phishing awareness training program that suits your organization.