we've been trying "dear user: caveat emptor, every email you get has eg a 0.01% chance of being a security hole" for 30+ years and it's resulted in comprehensive failure.
See also the campaign to make users competent sysadmins of their own devices.
Hell, I almost got got because the morons running our cell networks let anyone text and claim they're fedex. No reason to authenticate a thing like that. I was waiting for a delayed / lost package so it wasn't crazy that fedex would be texting me. If they'd used a better link forwarder domain I probably would have clicked.
See also the campaign to make users competent sysadmins of their own devices.
Hell, I almost got got because the morons running our cell networks let anyone text and claim they're fedex. No reason to authenticate a thing like that. I was waiting for a delayed / lost package so it wasn't crazy that fedex would be texting me. If they'd used a better link forwarder domain I probably would have clicked.