The URLs include some unique identifier that’s traceable to you. As far as my company is concerned, merely clicking it is grounds for security training.
Edit: I guess the argument is any page could contain an RCE.
Wow. If a single click is enough for a RCE, you've got bigger problems, IMHO. Basically, each and every website can hack into your infrastructure.
I'm not sure whether there are policy recommendations about phishing, but as far as I'm concerned a target would have failed if they entered private data somewhere, or opened downloaded documents or executables.
I'm not sure whether there are policy recommendations about phishing, but as far as I'm concerned a target would have failed if they entered private data somewhere, or opened downloaded documents or executables.