We hear the same messages from large tech companies and security specialists all the time. Don't click on links from unknown and untrusted sources, and don't fall for over-the-phone scams. Many banks and other companies never send links in email in order to "train" us in being cyber smart.
But every now and then, companies do dumb things that leave us scratching our heads. Like what Microsoft did with a friend of mine earlier this week.
My friend, who because of his work needs to remain anonymous, received a call from "Microsoft tech support". There's alarm bell number one. And where did the call originate? Nigeria. That's alarm bell number two.
As it happened, my friend had a support call in with Microsoft and the engineer that called him via Nigeria was, in fact, an actual support engineer from Microsoft. After some discussion, it was established that the engineer was working from Mumbai and that Microsoft routes its calls around the world to get the lowest call charges.
Which makes great sense except that we've spent the last 30 years being told to be aware of dodgy messages and calls from Nigerian princes.
As my mate said: "Microsoft, couldn’t you have dropped a VoIP gateway into Australia rather than Nigeria?".
Many people have been called, over recent weeks, by scammers who either are in Africa or are routing calls through there to reduce their costs. So, it's not unreasonable to expect tech companies to get wise and adjust their processes. Customers shouldn't be put into a position where they have to discern whether a call is legitimate or not.
Protecting you personal data is a big deal. And most security experts agree that one of the most effective weapons against bad guys is you - the human firewall. But when companies do dumb things that fly in the face of years of training and conditioning, they make it harder for people to make good decisions when it comes to being safe in our digital interactions.