Re: Easily avoided
Exactly. I think most email servers are set up to reject emails containing executables from the outside - the only ones I have seen that users receive are executables inside a zip file.
I advised my customers to look at the file extension (which is displayed by default in Outlook) and if it says .exe or .zip at the end, don't click. If it looks legit, forward me it for advice. I even sent them screenshots of what a bad 'un would look like.
Users do stupid things, often believe they're too busy or don't understand or it's our (IT's) problem to follow advice and good practice. But when the best practice doesn't take much effort to follow and it's easy to communicate why the threat is such a big deal (in this case it translates to hard currency), the results are good.