(Commentary co-written by Ryan T. Wright, C. Coleman McGehee Professor of IT in the McIntire School of Commerce) Although phishing tests can be helpful to protect users, using questionable tactics has the potential for harming relationships between a company and its employees. The authors suggest that managers avoid this damage by employing phishing tests with three criteria.