Part of the problem of getting people not to succumb to phishing attempts is the poor practices used in legitimate emails.
Google sent me an email saying something was going to expire in a month because of inactivity. I needed to click on a link and verify my information. You know, exactly the same kind of things a phisher would wrote.
I spent half an hour looking at the HTML to verify the links and the headers to see if there was anything suspicious. Eventually, I decided it was legitimate. But even then I was still very careful. Few people I know would be this careful because they would not know how.
Sadly, in the many years where phishing attempts have become so common, few people care enough about changing their bad email practices that contribute to end users becoming victims.