I try to find ways to get humor out of these people. Just today I had a user get a fake AV popup from a webpage telling them they had a virus and to call this random number from Microsoft. They put in a incident ticket over it and it was literally just a browser popup. Anyways to make it more interesting I decided to call the number.

If you want to make your day fun, just call one of them and pretend to be the worst end user you have ever dealt with.

Wish someone would prank them back XD 

I feel like phishing mails are more common than ever now.

That is because they are super effective. Your end user is always the weakest link in any security plan. So if you can just target them then you are more likely to succeed for minimal effort. A good spear phish can be one of the biggest threats.

Just one user with credential and in they come... then they mimikatz to enumerate accounts and just pivot all over your network. That is why having 3 factor authentication is so important. Too bad a lot of companies implement their soft tokens in a way that make them useless.