The problem has many facets. We're saying that in many, perhaps most, cases, there's nothing the individual consumer could have done. In some cases, there was. In some cases, the problem occurred because the consumer fell victim to a phishing e-mail or a social engineering scheme. They could have avoided that by simply not responding to those e-mails and by just assuming that any e-mail purporting to come from a bank or financial institution is a fraud and deleting it. That's the kind of education we need to focus on.
There are a few things consumers can do. Shred documents with their personal information before putting them in the garbage. Do not respond to those e-mails. And when doing online banking or any kind of on-line financial transaction, look at that URL, the website address, and make sure it's an http address, because the pharming ones usually aren't.
There are certain things consumers can do. Some of the problem stems from consumer credulity and carelessness, but not all of it.