Social engineering is very difficult to correct. Awareness training… awareness… awareness… awareness… but the user must be willing to learn.
Most people have their starbucks app, uber app, fb, linkedin, twitter, email… So much personal and financial data can be handed over to the “bad guy”
Cybersyrup Information Security blog 