Re: The weakest link....
We had one like that a the company I worked for last year ... someone copied to all employees a phising email they'd recevied complete with the phising attachement and a comment that they'd "carefully" opened the attachement so that the security software could confirm that it contained malware and that anyone else receiving this email should delete it immediately. The resulted in a rather amusing email to everyone from IT dept explaining the idiocy of
1) opening something assumed to be malware just to check that it was
2) sending the same malware to everyone else with comment "if you get this don't open it"
and finally
3) not following company policy of contacting IT immediately if any such email was ever received