Interesting article from The Register.
. . . Around one in three (30 per cent) of end-users click through a malicious URL in an email even though they have been warned of the danger. “End users are increasingly desensitised from the warnings, don’t feel responsible and still lack enterprise-driven education,” according to Websense.
For all the work that enterprise Information Security performs, it certainly appears to me that training the end-users to NOT click on suspicious email is not very high on their list. In fact, I would venture to guess that hardly any of the “Ivory Tower” Info Sec people even think to train their users, let alone send out fake spear-phishing mail to see who is actually clicking on those links. Who better to train than the miscreants that continue to blindly infect their own workstations and the network, and who open the enterprise up for attack?