[antonymoose]

I used to work for an anti-phishing focused brand protection firm, we provide training and testing to third parties and heavily, aggressively dog-fooded our own products.

So, of course, we got to a point as a company where no one opened any email or clicked any link ever. This caused HR pain every year during open-enrollment season, for other annual trainings, etc.

At one point they started putting “THIS IS NOT A PHISH” in big red letters at the top of the email body to get folks to open emails and handle paperwork.

So then our trainers stole the “NOT A PHISH” header and got almost the entire company with that one email.