I've seen so many phishing attempts, and man, no matter how much I try to educate people, they STILL get social engineered into it.
That's my gripe with these places that do canned phishing attempts: users don't learn from that, only how to spot the obvious ones.
What I see most often trip people up are kinda like spear phishing, but just using an existing person's compromised account to send out a seemingly urgent e-mail. Like an RFP that is due in 24 hours sent out to like every person in a vendor's contact list.
Users see the account, see the signature, etc., all the things you teach them to look at. They open some document, which says "To view this just click 'Enable Macros'", and they do it...
The scams out there are plentiful, and it only seems to be getting worse right now.