by xja 3444 days ago
To be frank I think that's a bit naive.

These attacks are a numbers game. There's a low cost to sending the emails and a much larger payoff.

Education helps, but it's still possible to catch people off guard, tired, new users etc.

Anything that can be done to flag these emails as spam, or increase the cost to the attacker helps.

1 comment

Whilst I agree with you that the issue should be addressed by mail clients, these emails are not a numbers game in quite the same way as usual spam.

Since they rely on attachments and subject lines that are drawn from an individual user's Gmail account, they have to propagate through a network, and they can't be just mass-emailed. Anything that can get the ratio of people falling for this lower than 1/<avg addressbook size> will completely eliminate the issue.
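The threshold in the reply above can be worked through as a branching process. This is an added example, not part of either comment; the model (every compromised account mails all `n` contacts, each recipient falls for it independently with probability `p`, address books do not overlap) and all function names and numbers are assumptions made for illustration.

```python
# Added illustration: Galton-Watson branching model of the 1/<address book size>
# threshold. Assumptions (not from the thread): each compromised account mails
# all n contacts, each recipient is fooled independently with probability p,
# and address books do not overlap.

def reproduction_number(n: int, p: float) -> float:
    """Expected number of new victims produced by one compromised account."""
    return n * p


def extinction_probability(n: int, p: float, iterations: int = 10_000) -> float:
    """Probability that a chain started by one compromised account dies out.

    It is the smallest fixed point of q = (1 - p + p*q)**n, where the right-hand
    side is the generating function of a Binomial(n, p) number of new victims.
    Iterating from q = 0 converges to that smallest fixed point.
    """
    q = 0.0
    for _ in range(iterations):
        q = (1.0 - p + p * q) ** n
    return q


def expected_total_victims(n: int, p: float) -> float:
    """Expected chain size, first account included; finite only when n*p < 1."""
    r = reproduction_number(n, p)
    return float("inf") if r >= 1.0 else 1.0 / (1.0 - r)


if __name__ == "__main__":
    n = 200  # constructed average address-book size
    for p in (0.0025, 0.004, 0.01, 0.02):  # constructed click-through ratios
        print(
            f"p={p:<7} R={reproduction_number(n, p):.2f} "
            f"P(dies out)={extinction_probability(n, p):.3f} "
            f"E[victims]={expected_total_victims(n, p)}"
        )
```

Under this model, any `p` below `1/n` gives a chain that dies out with probability 1 and has a finite expected size, while doubling `p` past the threshold leaves roughly a four-in-five chance that a single seed keeps spreading.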