In almost all cases, the hackers will be cleverer than their targets...
Think of the maths of this: the people who create the tools that are designed to generate money by nefarious means have to be smart enough to not only be computer programmers, they have to have the kind of brain that can take lateral thought to new criminal levels. These people are smarter than nearly everyone else.
Add to this level of intelligence, a pretty amoral view of the world, and a lot of focus; you have a scary combination. The amoral view of the world is an easy one; we all do it to one degree or another, just as a form of self-preservation, they just take it a bit further. The focus is the bit that should be scaring us.
We all have jobs, hobbies and things that we do. With the practice, we get better at whatever it is we are doing. Imagine a highly intelligent, highly skilled hacker with all the time in the world to create and modify tools that exist to do nothing apart from defraud and steal. If that doesn’t scare you then you’ve not been keeping up.
The trap that we fall into is to think that we will always be safe because we always spot phishing emails, and we have very good technical protection. For most of us, we have other things to do, jobs that require our attention, lives to live: we are not focused on the threats.
It is time to wake up. It is time to review your existing cybersecurity, and to put more focus on security training. If people are not trained then how are they expected to be able deal with attacks at the level we are talking about? The days when a Nigerian prince trying to give you money was the most serious cyber-threat are long gone.
To quote from Yeats’ The Second Coming, “The best lack all conviction, while the worst Are full of passionate intensity.” Our adversaries are focussed on attack, yet our protection is little more than an afterthought for most of us, until it’s too late of course.