There aren't "people who fall for phishing" and "people who don't", generally speaking. I know highly intelligent and talented people, well educated in general online security, who have fallen for phishing links and scams.
It's certainly possible to strongly protect yourself though, vs casually relying on intuition which is hopeless. You just need to establish a process or set of rules to follow. Businesses do this all the time. A classic scam is sending an invoice asking for payment, and some disorganized businesses will just pay you! But those with a process won't because you won't be able to give them a matching purchase order number and other things their process needs.
A basic personal protection is to not trust anyone who initiates contact with you, no matter who they say they are or what they know about you. Verify by contacting them independently instead.
Very true. My dad (late 60s) has written a DNS server, but still nearly fell for an email scam when he was sleep deprived and at the airport believing his flight was overbooked and he was going to be kicked.
A basic personal protection is to not trust anyone who initiates contact with you, no matter who they say they are or what they know about you. Verify by contacting them independently instead.