@thesle3p There's more to phishing than malware, at least if you are doing it right [wrong]?.

As an example, we're constantly being hit by people targeting accounts payable and accounts receivable. Users need training to know not to trust people who call or email, even if that email doesn't have malware in it.