How much would you pay for your personal phishing awareness training (simulation, e.g. 10 test mails a year)?
Talking about a hypothetical service where you would subscribe your personal email to receive, from time to time, a phishing lure tailored to your customised demographics. You know, something your employer usually does for your corporate email, but this time for you (or even your family).
#phishing #awareness #poll #boostswelcome #security
- 6 EUR / year (5%, 1 vote)
- 12 EUR / year (0%, 0 votes)
- Even more? Elaborate (5%, 1 vote)
- Less? Elaborate (5%, 1 vote)
- Would never subscribe for such service (82%, 14 votes)
Ľuboš Moščovič
in reply to Stahlbrandt
@stahlbrandt
Well, there are many B2B services like this, usually bundled with some "classic" security awareness training, so the price depends... Usually starting at about 12/employee/year.
But I'm wondering why no one offers this as a consumer product, or even as a feature in more robust "home" security solutions (e.g. by #eset).
Ľuboš Moščovič
in reply to katzenberger
@katzenberger
Well, that would be pretty unethical guerrilla marketing crossing the lines of GDPR at minimum I would say... 🤪
Luc
in reply to Ľuboš Moščovič
WhatsApp charged 1€/year. Add inflation, but this is 10 messages per year instead of thousands.
Email providers needing to beat the shit spam detection algorithms (instead of prosecuting the spammers or, when in unfavorable jurisdictions, blocking providers that let spammers sign up) adds a significant cost, and the content is employee- rather than user-generated, but more than a euro per message seems pretty crazy.
Ľuboš Moščovič
in reply to Luc
Yeah, the whole idea sounds to me more like a feature, not a product. Still, no one provides it, neither as a product nor as a feature. And I still believe this may be useful.
Maybe I'll give it a try and go into some simple research with a university, or aim it at the public domain.
Luc
in reply to Ľuboš Moščovič
Must say, it seems like a good idea that I've indeed not seen anywhere. I recently did hear criticism of phishing trainings for organisations (shifting blame to the one who clicks, and someone is always going to click anyway), but it's not like they're completely useless either, so why not offer it also for consumers? Are we sure nobody does this already?
If you want, I'd be interested in helping set this up (preferably noncommercially).
Ľuboš Moščovič
in reply to Luc
@luc
Thank you for this post...
This idea has been in my head for a couple of years already.
Corporations have been using it for more than a decade with mixed feedback. The difference is usually hidden in the communication: those who use it to blame the users fail and get the criticism; those who use it to point out "you clicked, no worries, it can happen to everyone, let's have a lessons learned" are successful (of course some people will always get upset if something points out they are not pure and perfect better men, but talking in general).
The providers of such services for corporations (like KnowBe4 or Proofpoint) usually show you some chart of how great the system worked (based on "their" "research", usually showing about 15-20% click rates before the simulations and down to about 5% after, let's say, a year-long campaign).
Maybe it would be interesting to run something like this as a nonprofit to get at least some vendor-independent statistics about the topic.
I've been looking for such an offering for consumers ever since it got into my head and have never found one. Nothing for the general public. While there are quite a lot of OSS resources available, including nice but dead platforms like GoPhisher and similar, and lure libraries.
Honestly, as I've said before, I believe this is a feature, not a product, so doing this "for profit" may really be a matter for bigger players like Eset, Google, Microsoft, having it integrated in their consumer portfolio as some kind of optional enhancement, so my ideas are now really non-profit / non-commercial research / PoC.
Let's see what life will bring and maybe I'll really ask you for help one day. 👍
Luc
in reply to Ľuboš Moščovič
Well, I can confirm the successful phishing rates are pretty crazy, but what I doubt is whether training gets it to 5%. Perhaps that works if KnowBe4 sends out the same five pretexts each year, but if you spend one hour on a custom message for the company... And even at 5%, orgs still have to plan for someone sharing their password+OTP.
But individuals are different. Even if 1% puts in their bank details, that doesn't have to be me. An org is impacted if 1 person does it, but [1/3]
Ľuboš Moščovič
in reply to Luc