Fake phishing is not some great methodology to better security; it's a tool to embarrass people and hope that that embarrassment leads to better security, like the Wall of Sheep. (Which, by the way, don't anyone ever implement that at work.)
Know what doesn't build better security culture? Trying to trick your users. Know what does? Working with them closely to help them understand security, finding out when and how people get tricked, and working to solve those issues.
The anti-phishing efforts I've seen so far have been lame and ineffective. Rather than trying to find new ways to make people fail, security teams should be finding new ways to prevent people from falling victim.