A successful phishing attack relies on...
...there being a sucker or two out there.
Unfortunately, this is always going to be a truism.
Penguin: We like to fish
A single criminal operation was responsible for two-thirds of all phishing attacks in the second half of 2009 and is responsible for a two-fold increase in the crime, a report published this week said. The Avalanche gang is believed to have risen out of the ashes of the Rock Phish outfit, which by some estimates was responsible …
Unfortunately it's not so simple. As more and more activities go online we'll be seeing people catching up but with a learning curve. During these transition periods there is an opportunity for phishers to take advantage of the fact that there is still some unfamiliarity with the new way things are getting done.
... and that doesn't even begin to count DNS poisoning or other flaws in the way we've become accustomed to using the internet.
For example, if you open your browser and type the URL of your bank (or use a shortcut, Google search result - whichever) and you are taken to a page that looks EXACTLY like your bank's page, including seeing the URL in the browser and a secure connection, what would make even the more savvy netizens stop and resolve the URL to an IP number and have a record of what the IP # is supposed to be to compare against that?
Generally it would take an extra-paranoid person to do that, and where does it end? Do you keep a list of every IP number and continually update it as networks change, never surfing anywhere without doing this check? I know of nobody who does this, though some avoid doing online banking for security reasons and are ironically thought of as technically challenged because of it.