You can tell by the URL that it is fake. Phishing catches stupid people. You have to wonder how they were smart enough to have anything worth taking.
Phishing also catches the huge number of people who don't analyze whether a URL is exactly the same as the real company's, even assuming they have the background to do so. And those people, whether "stupid" or merely "uninformed", are in the VAST majority.
Show a left-hand-thread bolt to 100 people and ask them to describe it. 99 will only tell you "It's a bolt", and if you're lucky, 1 in 100 will mention "with a left-hand thread".
You (and I) might say "Well you can tell by the angle of the thread that it's left-handed", but the vast majority of people don't even know what to look for.
Same with URLs.