It’s a provocative question: should you train your executive users – the direct targets of spear phishing – by simulating the experience?
First issue: why not a real experience instead? Because of the backlash you’ll get.
Second issue: are simulations effective? I’d say maybe.
Third issue: is that the right target audience? This is the real issue: it’s increasingly low-level employees who are targeted.
Regardless, check out one provider:
http://phishme.com/