Phishing exercises are an important tool towards promoting security awareness in an organization. Phishing is effective, simply because it works. However, any social engineer can devise a marvelously deceptive message with an irresistible link that only the most tech-savvy person would spot as a phishing test. Sometimes, the phish can be sent at a time of day that catches the recipient off-guard, which causes a person to click the malicious link.

Countless phishing attempts are made every day, and with Covid-19 causing many organisations to move to remote working, phishing attacks have massively increased over the last year. In fact, last year’s Phishing and Fraud Report found that phishing incidents rose 220% during the height of the global pandemic compared to the yearly average.