How I Managed to Phish Myself

Security professionals like to think we’ve seen it all. But a recent experience reminded me just how easy it is to slip, even when you’re the one who set the trap.

Background

One of my fast-growing SaaS organizations engaged me to help deliver a phishing simulation as part of a broader employee security awareness initiative. The campaign had multiple layers of complexity and realism. One scenario involved a fake LinkedIn email with the subject line:

“LinkedIn is introducing new profile features to protect your identity.”

As part of the mandate, I had a company-issued mailbox to coordinate internally. Around the same time, I was running outbound outreach on LinkedIn for GolanTek and juggling several organization priorities.

Then it happened.

The Click

I received the fake LinkedIn email. It looked sharp, clean, and totally legitimate. Without hesitation, I clicked the link.

Immediately, I was redirected to the “clicker” landing page I had personally designed.

There was the animation: a fisherman casting his line and reeling in the catch — me.

The Reaction

I knew what happened before the animation even finished loading.

And when I told the organization team what I’d done, they couldn’t stop laughing.

Rightfully so. I had successfully phished myself using my own campaign.

What Went Wrong?

  • The design was convincing. It mimicked LinkedIn’s visual language perfectly.
  • The message was plausible. Identity protection is a hot topic.
  • I was multitasking. My brain didn’t register the usual cues.

But most importantly: I didn’t pause.

I didn’t Stop. Look. Think.

I just clicked.

The Lesson

We like to believe experience makes us immune. It doesn’t.

If anything, confidence can make us careless.

This experience reminded me that no matter how sharp your instincts are, your habits matter more.

When things get busy, slowing down becomes a security control.

For you. For your team. For everyone.

Final Thought

If you’re building out a security program and think phishing training alone is enough, it’s not. What you need is culture, process, and consistency.

That’s what I help early-stage companies develop through my security leader services.

Because in today’s world, even the experts get hooked.
