Now when I see a phish, I check to see where it is coming from. 97 percent of the time, it is a test. We're getting these tests often enough that I just assume that's what it is.
Which is fine, actually. If you see it and think "oh, IT is at it again" and delete it or report it, mission accomplished, because there is still that 3/100 chance it is real.
So when you look at the sender of a suspicious email and it's not the phish sim service you just go ahead and open it? That doesn't sound like a problem with the phish sim.
It's certainly a problem with the phish sim if you're trying to teach people not to open random links and instead you're teaching people not to open phish sim emails.
It fact, it can be actively harmful if it creates a false sense of security.