A phishing drill is a simulated cyberattack used by organizations to test and improve their employees' ability to recognize and respond to phishing attempts. During a phishing drill, fake but realistic emails are sent to staff, mimicking common tactics used by cybercriminals. The goal is to identify vulnerabilities in human behavior, raise awareness about email-based threats, and provide targeted training to reduce the risk of real phishing attacks. These exercises help organizations strengthen their overall cybersecurity posture by turning employees into a more effective line of defense.