I've been at a company that internally sends out fake links that log the user and links to an educational page on internet safety.

I honestly don't mind too much since it's a once a year thing (hacktober) and honestly companies should be trying to catch out employees who click any and all links.

We used to have fun hammering millions of requests to such URLs from a VPS when they would send such emails to role mailboxes.

Eventually we got asked to please make it stop. I asked them to please stop sending fake phishing emails to robots.