I'd like to use my car like a tool. Why do manufacturers make them so difficult to safely operate, I shouldn't require any additional training to operate it, I should be able to just hop in at location A and hop out at location B.
Regardless of what some folks in the "User Friendly" movement would like to think, most tools require basic instruction in order to be safely used. We can't code away all individual responsibility.
Spotting a phishing form only seems like "basic instruction" to you because you're highly computer-literate. It's not; it involves understanding at least some of DNS and the difference between hosts, domains and TLDs, URLs, HTTPS, and not to mention certificates and their validity.
In your analogy, it's like saying "people shouldn't be allowed to use cars unless they can verify the hydraulic pressure in the master brake cylinder"
Which is wrong: manufacturers should (and did) install brakes warning lights. And we need to come up with better warnings for users. Blaming them for these sorts of problems is unacceptable.
1) Did you click a link from an email?
2) Does the page it redirect you to ask for your login info?
You may have received a phishing email. Are either true?
1) You expected this email because you were notified about it from another source e.g. website, support staff.
2) If you login to the website not via the suspicious link, the linked web page does not ask for your login.
If you answered yes, you probably don't have a phishing email.
"Login to the website not via the suspicious link" requires understanding what URLs are, how to isolate which part is "the website", how to edit them and how to enter them. The amount of people Googling for "log into Facebook" proves none of this is a given.
"You expected this email" is also not a hard test to pass in either academia or corporate settings, where users are generally besieged by unsolicted instructions to "Go here, do this, hurry up about it".
Not huge blame, but browser makers are making it harder to understand what's going on what how to use the web - obfuscating the URL - taking off parts of it, sometimes hiding the entire URL bar altogether.
Similarly, 'cookies' are 'scary' - there's no visual indication in a browser of what's going on with cookies, what they are, what they hold - you have to dig deep in 'preferences' then 'advanced' or 'security'. Instead of easier to use tools, we get legislation around cookies. WTF?
Users don't think like that. They generally don't know what redirect means, let alone recognise when it happens. I'll add that more and more attacks seem to come from trusted sources recently. This only goes to further the issue.
#2 - Many people don't know what a redirect is. Many of them don't really know the difference between email and www. Some of them won't know there is a difference; it's all just clicky things.
Here are some regular people's experiences of scams.
I love that you put "user friendly" in quotes. As if these products were for somebody other than the users.
Computers have taken over the world precisely because we have worked very hard to make them approachable by mere mortals. The only reason Google matters is that they figured out how to make the search engine much more user friendly. Apple is on top of the world because they made a more user-friendly music player, phone, and portable computer. And we HNers are all getting paid stupid amounts of money because the wide adoption of computing has created high demand.
Nobody is talking about coding away individual responsibility. They're talking about removing another bit of pointless friction from the system, so that the tools are more effective for the tool-users.
And I'll add that cars are heading in exactly the direction that you lampoon. If the car industry had thought like you, they'd still be back on hand-cranking to start the car, needing to maintain the battery's water level, and having to wear goggles. And soon Google will have solved the driving problem, mainly thanks to the way consumer adoption has driven down the costs of computing.
Great example of why Google's driver-less cars will be so successful, overall safer and why we should engineer our systems to remove as much complexity as possible for the users.
Regardless of what some folks in the "User Friendly" movement would like to think, most tools require basic instruction in order to be safely used. We can't code away all individual responsibility.