A list of trained employees who were vulnerable to the phishing attack and whos access to your money and production services could cost you that money and reputation.
You need to develop as many scenarios, as you can. Even if you feel, that you would not open the link/input any data. You are not the target in some scenarios if you are reading this :)
Scenarios can be based on:
World trends (COVID-19 for now)
Popular social networks in your country
Your infrastructure stack
Target group interests
Just use email generators and WYSIWYG editors
Don't make it the pattern. Your colleagues should not receive phishing mails each friday or each first day of the month. Phishing should be unexpected.
Split your employees by groups properly. Be aware, that they will share the information
Open rate (ok)
Click rate (people should receive some learning materials with the test)
Submit rate (your potential leakages)
Write to us and get a free consultation.