This hit the headlines a few weeks ago. Though this kind of email is exactly the kind of thing a bad actor would send, it destroys trust. There are much better ways of running targeted awareness and training campaigns (disclosure, I sell services in this area)…:
[…] Although the email may have realistically mimicked a cybercriminal, any business hoping to replicate West Midlands Trains should be wary of promising bonuses it has no intention of paying.
Discreet Law consultant solicitor and employment lawyer Elena Cooper warns that the rail company could be set to “suffer a glut of breach of contract claims”, depending on the wording of its original email.
“There’s a whole argument around contracts, offer and acceptance but, depending on how the email was worded, it could be suggested the employer is formally offering a bonus,” she says. “While I don’t think the employees could win a breach of contract claim, they could certainly argue that a promise has been made and now it is being removed.”