Simulated phishing attacks are becoming a more accepted method of schooling users on how to spot a phony email rigged with a malicious link or attachment. The best strategy is to inform users of the simulated phishing training program you’re launching or running, experts say. CSOs say the programs help them better focus on the weakest link in their organizations — users — and to convert them into another layer of security. Expert: “You have to be very circumspect on how you do it, you need some element of surprise””]
Source: https://www.darkreading.com/analytics/how-to-successfully-phish-your-own-firm