When they click on the (fake) phishing link, bring up a page that tells that them that it is a test and add some gentle instructions so they can avoid it next time.
What I do to confirm a non-obvious phishing email, is look at the real "From" address. The other day I got an email from "Accουnt-alert@amazon.com"
Looking at the actual email address revealed that it was from
"remimbersrs-qwrdvcxwet-exp-2020-3111538818484262@legger-3.com"
When they click on the (fake) phishing link, bring up a page that tells that them that it is a test and add some gentle instructions so they can avoid it next time.
What I do to confirm a non-obvious phishing email, is look at the real "From" address. The other day I got an email from "Accουnt-alert@amazon.com"
Looking at the actual email address revealed that it was from "remimbersrs-qwrdvcxwet-exp-2020-3111538818484262@legger-3.com"