Can companies and governments train their staff to be less gullible? Online at least, maybe they should.
Cyber-criminals are becoming increasingly sophisticated in stealing our information, and technologically driven solutions are the preferred method for fighting back. But sometimes the best defence is an old one: common sense.
Consider what we can learn from Kevin Mitnick, one of the world's most infamous ex-hackers.
His new autobiography - a tell-all on cyber-crime - maps out how he conned vital details from US bureaucrats. In one of his more elaborate attacks he duped an unassuming female employee at the US Social Security Administration into passing on vital records and details of residents. He then used this personal information in his scams.
"I was able to call Ann and have her look up whatever I wanted," he boasts all these years later.
People like Ann are probably not that gullible outside the workplace. Or maybe Kevin's mastery of US government-speak won her over.
Either way, Ghost in the Wires — My Adventures as the World's Most Wanted Hacker, is an enlightening read.And it reaffirms that even in an age of sophisticated cyber-crime, there is a human element to security that is more difficult to manage.