These tests are done by infosec staff who don't know how to code or contribute anything useful to a company, great reason to fire the whole department and start over
If they were truly phishing it would be a great ploy, but here’s it’s just cruel. If someone is motivated enough to do the social engineering, they will be able to get a click. You will need something like proofpoint (not foolproof) if you allow links in your emails. If your company is large and ever fluctuating, to make everyone on your network a phishing expert is an insurmountable task.