I think we should treat people who get scammed and come out and talk about it like heroes. And this is important: no matter how "obvious" the scam might seem in retrospect or from the outside of the community it prey'd on.
The more I look at scams the more I think this is major factor in how they keep going and keep coming back.
@futurebird I agree emphatically.
Thinking about the org context: It's impossible to build a culture of better security while also reinforcing a culture if personal fear and shame for being scammed. It's not your fault someone lied to you. Compensating controls are the responsibility of the organization; the staff responsibility is to follow procedures, and the procedure should invoke the compensating control. That is a completely different concept than "don't get scammed or it's your bad."
myrmepropagandist
Jessica D Dooley