Most security awareness programs are at best gimmicks that will statistically fail at their goal. They intend to educate people so that they can make better decisions regarding how to behave or whether they are being conned. The programs intend to get people to think so that they eventually will behave better. This will at best achieve basic results.
Stop and consider that you are relying on the discretion of a minimally trained user to thwart a highly skilled sociopath, financially motivated criminal, nation-state, etc. Logically, this is a ridiculous business decision.
Read why Ira Winkler, president of Secure Mentem, believes the ideal awareness program focuses on reinforcing procedures and guidelines, which have embedded security, on DarkReading.