In all fairness, a genuine attacker WILL be abrasive and abusive. They WILL single out employees that are gullible and exploit them. It's not pretty because a genuine attack is not pretty. Of course a simulated attack will be indecent and discourteous in nature, that is how attacks are.

Yeah, this is a part about itsec I don’t understand in my firm. They run social engineering tests, but never notify management when individuals fail, only in general terms. While being psyopped needs to be activelly discussed among coworkers imho.

Not necessarily WILL. I've seen awesome attackers who were mostly checkbox spreadsheet clerks. Friendly, methodical, boring, expert.