I signed up just to make a comment on this. You’ve hit the nail on the head, and it’s something my tech support team and I are work on every day in our industry. It’s incredibly easy for an attacker to sound knowledgeable, but incredibly difficult to actually be knowledgeable, and it takes alert front line staff to see the red flags. Being alert comes from practice, from experience, and not necessarily from training. Hopefully your post gets more people practicing!