Phishing – The Day I Reported a Genuine Mail as Phishi
Phishing Simulation Emails in Corporate Life | A Funny Story
If you have spent enough years in a corporate office, chances are you have unknowingly participated in a phishing game you never signed up for…
The game is called… “Is this a genuine email… or a phishing simulation?” 😊😉
And unlike most games… getting the answer wrong comes with consequences…
Tell me honestly…How many times have you clicked a suspicious-looking email only to realize… oops… it was a phishing simulation? Come on… be honest…In my initial years of career, I clicked almost every phishing simulation email that landed in my inbox…
Free voucher…? Click! 💥
Training…? Click! 💥
Urgent action required…? Click! 💥
Important-looking notification from admin…? Click! 💥
Basically… if there was bait, I somehow managed to take it. 😂
Within seconds… boom… a page pops up saying I clicked on a simulated phishing email and now I need to complete mandatory cybersecurity awareness training…😒

There goes the rest of my day…
Thankfully the training was private. Otherwise, I would probably have featured on some internal leaderboard by now.😂
The training itself wasn’t too bad… but those long videos followed by quizzes always felt like punishment…And I might actually be the only person who managed to fail the quiz and retake the training…Not because the questions were difficult…
But because I confidently fast-forwarded through most of the videos and jumped straight to the questions…
I thought common sense would carry me through…Apparently… the training team had already planned for smart people like me…
Looking back, I’m pretty sure I spent enough time on phishing awareness training to comfortably complete my annual training hours goal.
Target Achieved
At one point I was getting caught so frequently, I was tempted to add a personal objective for the year…
“Successfully click 12 phishing emails.” Target achieved. 🎯

After getting caught enough times… pain became the greatest teacher…I started checking sender names…Hovering over links before clicking…Double-checking unexpected requests…
The Phishing Reporter button in Outlook slowly became one of my favourite buttons… not because I loved cybersecurity.
But because I had absolutely no interest in attending another round of training…
Over time, I became incredibly cautious.
Every suspicious email was immediately reported.
Every strange subject line was treated like a crime scene.
Every unexpected attachment became guilty until proven innocent.
Eventually, I reached what I considered cybersecurity enlightenment.
Month after month.
Year after year. Not a single phishing simulation caught me. 100% success rate.
In fact, in one of the companies I worked for, I even earned reward points for successfully identifying and reporting phishing simulation emails…
For someone who used to click almost every trap in sight… this felt like winning an Oscar in cybersecurity.
By this point… I genuinely believed I could identify a phishing email from three kms away…
Little did I know…Then came the day that humbled me! One fine morning… an email landed in my inbox.
At first glance… something felt off. The wording looked weird…The request felt odd…My inner phishing radar immediately started screaming.
Suspicious… suspicious… suspicious…
Without giving it much thought, I confidently clicked Report Phishing. Done. Case closed. Another fish caught…
A little later… I discovered the truth…The email was completely genuine.
Sent by a real person from corporate communication team. Asking all employees to take some action to complete the forms.
Oops…It was the most embarrassing moment in my life. Somewhere along the way, healthy caution had quietly evolved into professional paranoia…
After years of avoiding phishing simulations, I had reached a stage where even genuine emails had to work hard to earn my trust…😄😄
Looking back… that moment taught me something interesting!
Experience teaches us what to watch out for.
Wisdom teaches us when not to overreact.
Key TakeAways:
- Every phishing simulation click contributes to your cybersecurity education. Some of us simply invested more than the Cybersecurity team itself.
- Sometimes the mistakes that embarrass us the most end up teaching us the most.
- There comes a stage in every employee’s life when genuine emails also start looking suspicious.
- Past experiences can make us wiser, but if we are not careful, they can also make us overly fearful and doubtful.
- Somewhere between clicking every phishing email and reporting every genuine email lies true cybersecurity wisdom.
- In life too, wisdom often lies in balance, not trusting everything blindly, but not doubting everything either.
Read my other blog posts here.





