@Alan This. I'm not a fan of "always blame the end user." No one should feel they're above clicking on a "bad link."

Infosec people usually have the training and knowhow to avoid them, but even we're not bulletproof. I'm massively paranoid and haven't succumbed to one yet, but to guarantee I could never would be disingenuous. Especially if you are targeted (i.e.- spearphishing), it can happen to anyone.