My employer pays KnowBe4 to randomly conduct phishing tests on all employees, and not so long ago, I got an email that looked (at first glance) legit, from "LinkedIn Security."
The first thing that peaked my interest, was that I have a LinkedIn account, but not associated to the email address that their "Security" team were talking to me about. Since I'm now interested, I paid closer attention to the sender address, and they were missing an E in "LinkedIn" - bingo, it's 100% bogus.
So, following corporate policy, I kick a ticket at our First Line staff along the lines of "hey, if this isn't a KnowBe4 test, consider blacklisting the domain."
A while later the reply came back, saying that they were blacklisting the domain. I replied, with a screenshot of the
host command demonstrating that the host in the "click me" link is a CNAME'd alias for KnowBe4.
KnowBe4 targetting is off a little, but they definitely caught someone that needs training!