[dearrifling]

Counting opening a mail as failing is ridiculous. A a phising test should only count captured logins.

[Kalium]

Following a link can readily enough expose someone to risks. Phishing isn't always just about entering logins.

[dearrifling]

That's true for any email, not just phising. Unless you can verify and trust all senders.

[Kalium]

Yup. This is why people are taught not to click links in emails for things like banking. It's a dangerous world out there, even for seemingly innocuous things.

[Scoundreller]

When I see one of these, I actually do go onto my Corp iPhone to delete the email instead of Outlook/Windows.

It may not be a perfect approach since we do use it for MFA...