@EU_Commission you could create policy to enforce use of public/private key authentication instead of passwords? Also create a state/EU funded browser that is very careful with how domains are shown (there are other reasons to have a public browser)?

Neither would fix the problem, but they would help. Also just education campaigns in schools and universities?