Happening real time.
At least in a couple of companies this side of the pond, they are testing the end users. I'll be pointing a couple of folks at this.
I've been around long enough that I happen to know far too many folks in my current employer. Last campaign on this front I got a call from the SDir for security - I was the 1st to file the mail as a phishing attempt and one of only 6 in the company to handle it properly. (It might have had something to do with the fact that I was up at 3:30 am on a change.)
I had to have a discussion with several of the folks I work with about *how* to handle crap like that. So -- even IT-aware people can blow it.
As a sysadmin with command and control access to *far* too many pieces of hardware I'll point out that in my books, if you've opened a web URI from one of these emails, you need to be fired. End of line. I don't leave passwords lying around on *any* disk unless those are in an encrypted form, but the risks of getting hit with a keylogger, dataslurp, or in fact ANY virus are so substantial in the sysadmin case that I have no sympathies for someone on that front.
It's also why I try very hard not to use my Windows VM for anything I don't *utterly* need to use it for.