Re: spelling mistakes, a really obviously bad url
"Having verified that it was actually from my company, I clicked the link - and they claimed I "fell for it" and automatically signed me up for remedial infosec training. Never mind that I *knew* it was from the company, and didn't provide any personal details, etc - apparently all it takes to compromise their entire corporate network is for a lowly employee to click a single link, so the employee must be at fault, right?"
Here's some more training. Don't click suspicious links. Clicking links and entering information is certainly worse, but just clicking the link can be a problem. It exposes you to whatever the page might have, including an attempt to steal an SSO token or even a possible (though very unlikely) zero-day in the browser. They were right to treat clicking the link as a partial failure.
Biting the hand that feeds IT
