This is a good article regarding social engineering attempts including phishing attacks.
I recently reviewed some cybersecurity training for an institution that was not up to date. Their training still identified phishing attempts as emails that contain numerous misspellings. As stated in this article the new cybercriminals have become much more sophisticated and have been sending out very authentic-looking emails. Staff must be more vigilant and better educated against social engineering attempts.
This article would be a good resource to share with your staff.