I think it's the phishers that are stupid.

I've seen some really really bad, poorly written scam attempts.

They must be stupid kids, or from another country and don't have that good of english/grammer skills.

I'm guessing it's a combination of the 2.

I'll add a third observation: they don't know #*$! about their software. I've seen subject lines like "you owe %rnd,400,800" ... can't even test their templates before running them.

But then again: yes, people are stupid. had a customer call me up one day, starting the conversation "I think I made something really stupid" ... turns out he sent a money order or whatever it was to some guy in the uk who offered a motorbycicle for like, 50% of it's worth. Of course, no bike was delivered. He asked me to see after tracking the guy, so I sent some emails in his name playing the "I'm sure the bike will arrive soon, hey, a friend of mine is also interested in sending you money"-card. he read and replied and I had a simple image embedded which was a script logging all the information. IP located him in London using some provider and the useragent showed XP MediaCenter. Naturally, the police said they weren't going to investigate since it's international and won't lead to anything, anyhow.
Told my client he should look at it as an expensive lesson. Looks like it works, he doesn't buy stuff anymore if it's too good to be true ;)

I've seen subject lines like "insert subject here"

I run a website that deals with phishing, how to prevent it, warning signs..., and i have a bunch of phishing letters that have been sent out to people, and I get a fair amount of visitors that search for names in those letters.
unfortunately there is still a market out there for it, but I think that as people become more aware of what to look for, the harder it will be for the phishers...

People see others making money and want a piece of the action without having a clue how to do it correctly and jump in with both feet. It's the same whether you're legitimate or marketing by black hat, what motivates people is still the same. Inept scammers, I would bet, are likely to be proportionate to the number of recipients who would actually act on these things, sometimes without knowing. So the wheels go round and round. :-)

It would be interesting to send out a test Phishing scam and just see what the numbers look like as to how many stupid people are out there.

Friend of mine replied to one a couple weeks ago. He totally fell for an email that looked like it was from his bank. He put ALL his info in the site. SSN, mother's maiden name, acct number... EVERYthing. I asked him what he was thinking and he said that he wasn't.

Duh.