Many companies set up phishing test programs for their employees, often as part of a compliance requirement involving ongoing employee education on security topics. The aim of these programs is to train employees on how to spot a malicious link, not click it, and forward it on to the appropriate responder, but most of these programs do not meaningfully achieve this.
Read full article on Malwarebytes Unpacked