Too Long; Didn't Read
Working for a regional ecom platform with tens of millions of visits each month phishing is our everyday reality. All the usual technical and awareness measures are out the window when addressing millions of people. The simplest and most effective step is to provide some generic information to your users about phishing on your website and give them an email address they can forward the phishing emails to. The downside of this method is that some users will have given their credentials away, since these days companies have few public email addresses, you will also receive a lot of unrelated questions.