Why live phishing tests suck – Reason #1: Unexpected employee reactions.

Pushing emotional triggers in test emails can lead to unexpected results.

Here are some examples I’ve seen happen:

1. Employees contacted unprepared executives directly
2. Employees post on social media to vent about their employers
3. Employees contacted impersonated organizations in a panic

While it may seem like a good idea to test employees exactly as attackers would, in an operational environment, this frequently backfires.

Unexpected employee reactions always take a toll, either in wasted time, lost reputation or added stress.

When testing in an operational environment, make sure to invest in proper communication and contingency planning.

Or, you could consider using a gamified platform that uses immersive, virtual inbox phishing assessments, like Click Armor.

Photo of a fish hook on a laptop to represent live phishing tests

It’s been a “super-fantastic” experience to see people learning and talking about security threats.

For just $325 USD, you can run a 6 week, automated program for gamified phishing awareness training and challenges.  (Limited time offer. Normally valued at $999 USD)

Use Promo Code: 6WEEKS


Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions for cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.