Here's a new piece I wrote about the *other* aspects of Web security beyond the bits and bytes...Don't let this stuff catch you off guard.
Preventing phishing attacks is not just a technical issue
Preventing phishing attacks is not just a technical issue