No, it’s the price you pay for trusting concepts that are not intended to be trustworthy. No matter what you come up with, as long as you train people to do things wrong there will always be a way to fool them.
No company should send messages containing a url that requires login, payment data or the like. People should go to these places by typing the url or by using their own bookmarks.
> No company should send messages containing a url that requires login, payment data or the like. People should go to these places by typing the url or by using their own bookmarks.
Maybe they don't? This wouldn't help here, that's not the company sending the message. For that to work, people have to deeply know and trust the policies and resolve of each of their service providers not to do that - might as well just teach them how links work.
No, because that’s impossible. Are you going to teach them to distinguish between l and I in sans serif fonts? Or one of the look alike Unicode symbols? That roads leads nowhere but blaming someone else for a problem you brought yourself. You can’t trust links by visually inspecting them.
No company should send messages containing a url that requires login, payment data or the like. People should go to these places by typing the url or by using their own bookmarks.