I have always found the whole "Don't trust links" a faux-pax when it comes to user training. As it just means that the failure to secure systems in the first place has already failed.....

It's worse, often the saying goes "don't click on suspicious links"/"don't open suspicious attachments". If I (target of such hint) knew the link was "suspicious" I wouldn't click it! Users are not opening suspicious attachments, they open (what they think is) important invoice or message from their boss.