Why phishing works
I came across this excellent paper—Why Phishing Works (pdf)—by Dr Dhamija (via IE Blog). I think everyone who does any financial transactions or banking online should read it. Having recently been gullible enough to end up as an involuntary host, I still get a chill down my spine from this topic.
Phishing works because our minds are uneducated and inattentive, do not seek out details, and do not recognize the cues browsers provide: hovering over a link to see the underlying address in the status bar, the address bar and status bar themselves, and security notifications such as the SSL lock and certificate warnings.
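As an added example (not code from the post or from the paper it links), here is a small JavaScript check that does mechanically what the post asks a reader to do by hand: compare the host a link displays with the host its href actually points to. It goes a little beyond the hover cue and also flags three related address tricks a visual check tends to miss: userinfo before an @, a raw IP address in place of a hostname, and an internationalised (punycode) host. The sample anchors and their domains are constructed for illustration, and the registrable-domain helper is a deliberate approximation, both labelled as such in the code.

```javascript
// Added example, not code from the original post or from Dhamija's paper.
// Given an anchor's visible text and its real href, report the cues a
// phishing link relies on the reader not noticing. Runs under Node.js,
// whose global URL implements the same WHATWG parsing a browser uses.

// Extract a hostname from the visible link text, if the text itself looks
// like a URL or a bare domain. Plain words ("Verify your account") give null:
// there is nothing to compare, so the check stays silent rather than guess.
function hostFromText(text) {
  const t = text.trim();
  const looksLikeUrl = /^(?:https?:\/\/)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[\/?#]|$)/i;
  if (!looksLikeUrl.test(t)) return null;
  const withScheme = /^https?:\/\//i.test(t) ? t : `http://${t}`;
  return new URL(withScheme).hostname;
}

// Crude registrable-domain approximation (assumption): the last two labels.
// Production code should consult the Public Suffix List so that co.uk etc.
// are handled; this is enough to show the technique.
function registrableDomain(host) {
  return host.split('.').slice(-2).join('.');
}

// Return the suspicious cues for one anchor. An empty list means "nothing
// a hover would reveal", not "safe".
function classifyLink(text, href) {
  const target = new URL(href);
  const findings = [];

  // "https://bank.example@203.0.113.5/": everything before @ is userinfo;
  // the real host is what follows it.
  if (target.username !== '' || target.password !== '') findings.push('credentials-in-url');

  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(target.hostname)) findings.push('raw-ip-host');

  // The URL parser normalises an internationalised host to punycode (xn--);
  // a Cyrillic "а" in "bаnk" is the classic homograph.
  if (target.hostname.split('.').some((label) => label.startsWith('xn--'))) findings.push('idn-host');

  if (target.protocol !== 'https:') findings.push('plain-http');

  const shown = hostFromText(text);
  if (shown !== null && registrableDomain(shown.toLowerCase()) !== registrableDomain(target.hostname)) {
    findings.push('text-host-mismatch');
  }
  return { host: target.hostname, findings };
}

// Constructed sample anchors (visible text, real href); none are real sites.
const SAMPLE_LINKS = [
  ['www.bankofthewest.com', 'http://www.bankofthevvest.com/login'],   // two v's for a w
  ['https://bank.example/', 'https://bank.example@203.0.113.5/login'], // userinfo trick
  ['bank.example', 'https://bank.example.evil-site.test/'],            // real domain is the suffix
  ['https://bank.example/', 'https://b\u0430nk.example/'],              // Cyrillic a homograph
  ['Verify your account', 'https://bank.example/verify'],              // no URL in the text
];

function report(links = SAMPLE_LINKS) {
  return links.map(([text, href]) => ({ text, href, ...classifyLink(text, href) }));
}

for (const r of report()) {
  console.log(`${r.text.padEnd(24)} -> ${r.host.padEnd(28)} ${r.findings.join(', ') || 'no cues'}`);
}
```

The point of the `hostFromText` guard is conservatism: a checker that shouts on every "click here" trains users to ignore it, which is exactly the inattention the paper describes. The mismatch cue only fires when the text itself claims to be an address and that claim is false.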