As such, end-users must be taught not only how to recognize social engineering and phishing threats, but also how to treat them, report them and ensure their colleagues aren’t falling foul to them.