I've even heard of companies that send fake phishing e-mails to their employees so they can see who clicks on the links (and presumably give them additional security training).
The financial companies I deal with frequently send reminders to their customers saying that they will never ask for personal information in an e-mail or phone call, and asking customers to report any such incidents to their security team.
The financial companies I deal with frequently send reminders to their customers saying that they will never ask for personal information in an e-mail or phone call, and asking customers to report any such incidents to their security team.