So, for home users:
Despite my mum programming mainframes in 1970 before she had me, my dad is on the polar opposite of the IT spectrum, and needs help with some tasks. However, instilling a sense of cynicism has actually kept him safe: he calls when there's a pop up, or dodgy looking email. Even when I forgot to update my credit card details for GSuite, he called immediately
It's taken a while to get to this point, but I'm proud of him for not falling foul of such miscreants
For enterprise users:
My company runs frequent phishing campaigns which have taught the workforce really good internet hygiene. But, shockingly, despite being referred to training should you click on link, there are still those amongst us which do it. It has been effective, though