An anonymous reader writes: I have worked in the IT field long enough to know that many issues can be avoided if users pay attention to popups, security alerts, 'from' addresses et al and not just machine gun click their way through things. Unfortunately most users seem to have the 'fuck it' mentality in terms of good security practices. Sometimes I will have users submit a ticket asking if an email is safe to open or if that strange 800 number that popped up in their browser is really Microsoft. When that happens I like to talk to them in person (when possible) to commend them and tell them how much trouble could be avoided if more users followed their example. I'm curious to know if anyone has ever worked somewhere with bug bounty type incentives for corporate users or if you have a unique way of thanking people for not trying to open Urgent_Invoice.exe.