This Enterprise Systems article highlights once again that protecting yourself from phishing attacks requires guidance and training. Relying on good intentions is not enough. Many are tricked into clicking on links in phishing e-mail messages anyway.
The cleverness of cybercriminals can still overcome the best intentions of employees. As Sjouwerman [KnowBe4 founder and CEO Stu Sjouwerman] points out, “Many of the top Phish-prone industries are regulated and subject to compliance rules, so well-meaning employees can be tricked into clicking a link if they believe an e-mail was sent by a government or law enforcement agency, or by someone they know and trust.”