Re:I specialize in this! (Score 3, Interesting)

"...3-7% of people still fall for those things..."

I've had conversations about security with acquaintances who think security measures can be defeated and are therefore useless. Here are some examples:

SECURITY MEASURE -> OBJECTION
Shred documents -> Couldn't someone just tape my document back together?
Add security alarm -> Couldn't a quick thief enter, let the alarm go off, grab stuff and exit before the police show up?
Check for security on important websites -> Couldn't someone run cracking software to decrypt my account login?

The answer to each of these questions is probably Yes, someone could do those things if they really wanted to.

But the reality is, why would they bother when it is so easy to find someone else that doesn't take your precautions?

For example, pretend you're a phisher. Which of the following two choices would you find more appealing:
(1) Intercept data from a user's login session, then run a decryption program on your PC for several weeks (or more) until it finally reveals the user's login info.
(2) Send spam to 10,000 accounts and get 300 to 700 sets of ID within a day or two.

I don't think I need to tell you the answer.

In the end, security is often about using better measures than the other guy. Of course, for that to work, there needs to be that other guy.

So, the 3-7% who fail to take proper security measures are actually performing a public service...They're the dupes that get exploited instead of the rest of us! :-)