In June, the Federal Bureau of Investigation issued a warning regarding a spate of spear-phishing attacks targeting multiple industry sectors. The FBI’s recommendations were educational in nature, informing users of what may constitute a potential phishing scam. While user education is valuable, there is one problem with this approach – it only partially works, and partially working is simply not good enough. The first step is to understand what the criminals are trying to accomplish, which is credential theft and malware infection. The typical end-user relying simply on his brain, no matter how well-trained, is no match for today’s cybercriminal.”]
Source: https://www.cuinfosecurity.com/blogs/customer-education-doesnt-work-p-1529