[an4rchy]

I've been thinking about this problem for a while as well.

The somewhat oversimplified approach is to use iOS/Android devices with you in charge of installing any new apps and also inbuilt adblockers. However this still doesn't prevent email phishing.

The more restrictive option would be to use a router level / AdBlocker whitelist for websites they can access.

Ex: Facebook, Google, YouTube, Utilities, Banks etc. This way any phishing domain will get blocked. Obviously highly restrictive but probably the safest bet. You can always add new sites as they need them.