My 26 year old works for Northrop Grumman. He got an email asking him to click on a link and select a size if he wanted a Northrop jacket.
He reported the email to corporate IT as a Phishing attempt. The response was that it wasn’t a malware, but a genuine corporate outreach.
I got the above narrative from my son, when I saw him wearing his new jacket.
Dan, who now has his own law firm, once told me that he got an email asking him to click on a link if he wanted a dozen free donuts, when he used to work at a Washington DC law firm.
According to Dan, he wanted to impress his colleagues by bringing in a dozen donuts, to his office. I think his was kidding about impressing his colleagues, but click on the link he did.
There was an immediate email response stating that the previous email was a Phishing exercise conducted by his (then) employer. Dan had violated corporate policy by clicking on the link in the previous email.
Guess who got to take mandatory corporate security training?