In 2021, despite companies slipping twice as many phishing decoys into their employees’ email streams than in the prior year, attackers gained entry to a whopping 83 percent of companies, a new Proofpoint report found. This second article in a two-part series describes the latest twists in social engineering techniques, key brand-name lures and how companies can gauge the success of their phish-prevention programs. It includes charts that show training results by industry and department, based on 115 million emails. Part one provided four key suggestions for boosting employee training effectiveness, described a controversy about disciplining slow-to-adjust employees and highlighted an overlooked third-party risk. See “Implementing NSA-CISA-FBI Advisory Mitigation Tactics for Vulnerabilities Exploited by Russia” (Apr. 28, 2021).