[thrownthatway]

I should have said “a well crafted malicious email” or SMS etc.

[amarant]

No such thing as completely idiot proof. But I think we can all agree an exploit that requires a click is a lot better for the intended victim than one that doesn't. This way they at least have a chance to not click it. Then we can start tackling the other problems with separate solutions

[dnnddidiej]

Phishing is big business and ways to combat are not fool proof. Education helps. Spam detection helps.

[brandonwindson]

Education helps, but it puts the burden on the user. The real fix is shutting down the phishing source, not just filtering the symptom.