I don't remember the exact language of the training but there's a "use your head" element. Someone you don't know is emailing you something that doesn't really make sense - stop and don't comply. There are lots of reasons the email could have internal addresses (a misconfiguration, a similar-looking domain, an internal threat, whatever) - don't rely on that if other red flags are up.
If you read the text of the GoDaddy phish, there's something like "CLICK HERE NOW TO CLAIM YOUR FREE MONEY BEFORE ITS TOO LATE".
If it was just a notification "btw you'll find a little extra something in your check this month" without requiting any weird action from the employee (which btw is how this would look if it was real) then it's a totally different thing.
