Some companies have started testing their employees on how they respond to phishing attacks.
A company called Intrepidus Group has a system whereby they basically send your company’s staff spam, testing them on how they respond to it. The system can even concentrate spam on people who are ore susceptible to clicking on links.
The system sends results back to the tester on who clicked on the emails, what data they entered in (e.g., their name, credit card numbers, etc).
So the next time you see an email that doesn’t look quite right, and has links to external sites, think hard whether it’s real, spam, or this new kind of "ethical" spam.
The company’s web site explains it better, http://phishme.com/