Interesting that security firms are always telling people how to avoid phishing attacks, while understanding there is little they can do about it. The bottom line is it is very difficult to filter an email that contains imbedded jpegs linking to obscure websites.
Yes, you can block pictures from downloading, but redirecting folks to specialized websites is a pretty common technique for gathering personal information. And from the looks of things, those security firms have certainly figured out how to do that.
Stupid is as stupid does.