I think they're being forced into the assumption that your average user is too dumb to learn how to dodge phishing attacks.

I think the solution is to make people pass a test to be able to use a computer, like a driving test.

That way, we can have a 'computer training school' that teaches people that making viruses and defacing websites are eventually self-destructive, and so on...