Phishing tests are very common in many companies these days. There are many companies that can help with such tests. Google is your friend.

Training them to recognize it. Repeat training yearly or more.

I've even heard of companies that send fake phishing e-mails to their employees so they can see who clicks on the links (and presumably give them additional security training).

The financial companies I deal with frequently send reminders to their customers saying that they will never ask for personal information in an e-mail or phone call, and asking customers to report any such incidents to their security team.

Do you know any company that does this? That doesn't seem realistic but I hope I'm wrong here.

Planet Money episode #886: The Price of a Hack [1] interviews a supervisor at a company who instituted required anti-phishing training, with good results.

[1]: https://www.npr.org/templates/transcript/transcript.php?stor...

My brother used to do work for a large medical device company and they used to run these tests every quarter.