Two minutes after we hung up, we noticed that the tool had been downloaded using the link in the email. Another minute later, we received a connection from the now-compromised workstation.

Just to measure the awareness of the target employees, we launched three more attacks. Out of a total of four emails sent, we managed to compromise three workstations.