Happened at my workplace. An phishing email went out to test how likely people were to click the link.

Anyone who clicked the link had to take phishing training. Anyone who forwarded it to our internal “hey this is a phishing email” service also had to take training… because the internal service would automatically click the link.