Proofpoint can help, but nothing is foolproof, the world just invents better fools.
There is an advanced extra-cost version of EOP that adds the attachment sandbox feature, where it checks attachment files and links in emails, and if they go to known bad actors, they get filtered out. Like Proofpoint, this can help reduce the chances of account compromising phishing emails from getting through, but it's pretty much impossible to prevent. User training is the only real answer - we do internal phishing tests and it's amazing how many people will click a fake email saying their is something wrong with their Citibank account - WHEN THEY HAVE NO ACCOUNTS WITH CITIBANK! How the hell stupid do you have to be? And most financial sites I deal with rather constantly mention that they will never ask you for certain types of information, yet when a fake email comes through, Joe Average will happily provide the information - which they clearly state they will never ask for! You can't fix stupid.
And of course, with all the data breaches these days - even if you use a good secure password, if you use the same one all the time, good luck. You can't prevent someone else's stupidity, but you can guard yourself against the effects of it.