My company has tests that rate your password.
They also send out fake phishing emails with bogus links. If you fall for it and click the link, you go back to security training.
Ha! “Remedial security training”...do they serve coffee/donuts?!?
The problem with “security training” is that it is so boring that most employees forget it the day after they got it.
It would be a lot more effective to do the fake email (as your company did) and then have a little one on one in private if the employee got suckered by it.
Think the security guy in “The Firm”. :-)
https://www.youtube.com/watch?v=7tNEvCdVtk0