Phishing is an attempt to obtain sensitive information by an attacker impersonating a trustworthy entity. Typically the attack is conducted via an email that appears to have been sent from an entity you trust, such as Microsoft or other companies you work with. The message will prompt you to click on a link that leads you to a website that requests your username and password. This is a way for the attacker to gain your credentials and get access to your systems, often containing sensitive information. Evaluating how susceptible your organization is to such attacks is extremely important and can help you recognize your organization’s weaknesses and mitigate them before a real attack occurs. It can also help you train your staff on how to avoid being fooled by any such emails in the future.