One thing that has evolved is that scammers are able to get access to SSL certificates much easier and free. One thing that used to be a warning flag for phishing attempts was using domains that were not secured with an SSL. This is because SSL certificates used to cost money and time to acquire. Now services like Let’s Encrypt allow instant and free SSL certificates. Also, there has been a huge uptick in SPAM and SCAM calls to landline and mobile phones. You can not trust the Caller ID. It is very easy to spoof (which is to change the call information to look like it is coming from somewhere it is not). How easy, just download this app ( https://www.spoofcard.com/). So just because the phone says IRS or Police does not make it true. If in doubt, call them back on a publicly verifiable number. Training is always going to cover tips and tricks to help not fall for the obvious scams, but really the best training policy is to make people aware that you can not really trust anything digital, you have to verify and think before you share.