Just don't include any account login links ;)
The problem with the email approach is that you're asking customers to not trust emails...by email :)
Of course, it could be a plain text email without links, but it seems like the marketing departments of the most common phishing victims are not too happy with that as a suggestion.
IMO, part of the problem with phishing generally is that those most likely to be victims are also those least likely to be visiting a site where warnings might appear. Shutting down the phishing sites ASAP (and being first to be aware of the scam) is crucial - and that didn't seem to happen too well with this batch, as many of the sites I checked were still live.