It doesn't help if one doesn't know how the tech works. Today, I stupidly clicked "allow" on a website that, like thousands of other sites before it, asked me to allow or block notifications. I don't even know if that's a cookie that should be dismantled, or an ad-based third-party system which will follow me to the end of my earth.
Anyway, I clicked it. I should soon reload my PC in paranoiac fashion.
We've legislated other societal situations in the past, which the average citizen might not properly understand. RICO laws, fraud laws, hell... think about how nebulous, yet all-encompassing "conspiracy" as a crime is, but thank goodness for the "There Oughta Be A Law" people who want to prevent a crime.
Since technology will always outpace legislation, we should remain grateful for the idiot reporter that permits a charismatic person to uckfay his ife-lay for a story. We can read first-hand about what social engineering is, and hopefully apply enough sense to not respond to the survey at the bottom of the story.
It doesn't help if one doesn't know how the tech works.
That's true, @ericgeater, but I'd say that while knowledge / awareness are essential, attitude is what really makes a difference.
Some of the common mindsets that can be real hurdles when it comes to IT Security are: -
'Honestly, I don't care.'
'That's not likely to happen to me.'
'This is really a waste of time!'
'This isn't worth the effort & money."
'I'm too old for this!' *
* That came from my father when I was helping him with his Gmail account's security settings
If someone with an attitude like that lacks sufficient knowledge / awareness, he's not likely to want to improve it; if he already possesses ample knowledge / awareness, he won't be keen on making the best of it.