Passive aggressive company security
The company I work for, who shall remain nameless, is having a passive aggressive battle within its organizations. Management is totally oblivious to security concerns and commonly emails us to take some survey or class at some non-local website by a certain amount of time or else. The security group can't get them to stop it, so instead they emailed out a phishing scam that was worded almost exactly like a company email, but led to a "Ha! You've been scammed." page that tells us never to respond to vague emails that demand we do something on a non-local website by X date and to instead report them to the security group. Soon management will send out the next improbable email and they'll get reported to security and maybe they will figure out how to do it right, but more likely they'll just email the lower level managers to tell the employees to do it anyway.