Most users don't pay attention to security awareness presentations, or blindly click through online security awareness training tools just to complete them and check off a box for another year. A real-world exercise that catches someone actually falling for an attack is a much more effective way of overcoming the "it won't happen to me" hubris and driving the point home.
A similar training tool would be nice for consumers as well. Banks, major retailers, and other businesses that are frequently targeted in, or used as bait for, phishing attacks should conduct similar exercises with well-crafted fake emails to help users get the point.
Users will probably always be the weakest link in security, whether it's human error that leaves a door open or the gullibility of human nature that leads a user to open the door for a friendly stranger. Maybe new user awareness training with more shock value can help minimize the risk.