Donald Clark discovers some research that should give trainers, and those who hire them, something to worry about. He describes it in more detail, this is my crude summary:
Various methods were tested for training people to cope more effectively with phishing emails. One was a placebo but the other two were real and got very high ratings on the happy sheets.
Trouble is, when participants were later tested on their supposed new skills, they failed rather badly.
However, what did work was not conventional training at all, but giving people, unblidden, test phishing emails. When they fell for them, they had it pointed out. This was very effective at training them.
One swallow doesn’t make a summer, of course. Still it gives me pause for thought.