“Training is a big part of protecting yourself from phishing attacks. There are a lot of ways to train employees, but giving them a phishing test is pretty standard. Can you recognize a phishing message? There are several free testing sites at OpenDNS or SonicWall.”
Think you would always recognize a phishing attempt? Care to test that theory? John has a couple of links for you to check out.