If an individual responds to a simulated email from someone they believe to be an actual coworker, this response is not sent to the respective employee, but rather to us. We are however unable to read it and only count the number of responses to an email (answer rate). The person who responded will receive an automated response in which they are notified that they responded to a simulated phishing email. It may also be possible for the users to personally contact the supposed sender to ask whether the e-mail is genuine. The person whose name we are using should be prepared for this and capable of identifying the email as a phishing simulation and directing the recipient to the learning page if they are asked about the email.
However, in our simulations we state that fake names also lead to high click rates, meaning that real names are not absolutely necessary.