TBH this is probably the best argument for actually conducting phishing pentests. It shuts up the technical users who think they're too smart to need the handrails and safety nets that the IT department set up for the rest of the average plebs who work there.

(Speaking as one of the technical users here. Of course, it wouldn't happen to ME! :P )