Phishing simulations—or phishing tests—have become a popular feature of cybersecurity training programs in organizations of all sizes. One can see the appeal: phishing tests allow security staff to craft and send emails to employees en masse that are designed to appear as authentic and enticing as the genuine malicious phishing emails that bombard businesses on a regular basis. These typically include lures such as missed delivery notices, invoice payment requests, and celebrity gossip.
