Interesting topic, interesting examples, yet it would also be of more value added to inform pen-testers or security consultants on the measures to avoid such attacks.
I know that awareness is king when it comes to SE, but still real life examples and maybe different approaches can shed more light on other mitigation techniques.

Hi

I have posted http://tech.slashdot.org/story/09/08/26/1614206/Legitimate-ISP-a-Cover-up-For-a-Cybercrime-Network on slashdot earlier this morning, However it didn't go the right way and didn't get proper answers except maybe for one or two comments.

So I though I should ask in a security professionals community maybe I can get the answer and your thoughts  to: What security measures should be taken to prevent normal users from falling victim to such malicious bodies?