That’s why employees hate phishing tests when they’re held accountable, it doesn’t prove anything. It’s trivial to create a highly clicked-on email, I’ve created many. Use the click-thru rate as a means to shore up controls and training. 2/3