I’m told that the reason phishing “attacks” work is that the phishing email/phone call seems to come from a “trusted source” like a CC company, insurance company (that one does business with), or government office/agency. Really? I mean seriously, to begin with, who trusts ANY of those sources, even when they are determined to be genuine? That alone, quite apart from all the other reasons to hang up/report SPAM, report to authorities, etc., anyone who trusts ANY call/email contact, formulated as a typical phishing contact or not, without AT LEAST verifying the source simply deserves to get what they have comin’ to ’em. *smh*