I agree with that. But you cannot deny that being careful is most important. For example, I knew how these phishing scams work. But I was careless one night, and I was scrolling through social media, and I suddenly received an email. I was kind of sleepy and saw the email was from an airdrop hub website, and the email said I had some unclaimed reward. I went ahead without checking the sender of that email and connected my metamask wallet. It takes less than 30 seconds to wipe out my entire wallet. I realized right after signing, but that was too late already. I revoked the connection but the wallet was drained already. It's not like I didn't know how these scams works. It happened because I was careless.
Such events happened with most of us at least once. Those are very lucky guys that are still safe from all kind of scam or hacks. It is because we don't take security (carefulness) serious till the time we lost our funds due to scam or hacks. There are so many stories here regarding how people lost there Bitcoins due to hacks but people feel that they are safe since it never happened with them. Security is a real concern in Bitcoin and should not be considered as an after thought.
In case you see anything suspicious or some very attractive offer, follow the
STOP -- THINK -- ACT strategy. First stop and don't give any immediate response, think whether the suspicious thing is legitimate, after dual verification do your act.