Well, every website you or I visit knows, as part of the HTTP protocol and environment, what kind of computer we have (both OS and browser (agent)). It's trivial to craft a message that is correct and specific to the user.
Which is why I've always laughed when Windows-style malware dialogs appear on my Mac or Linux boxes. I mean, how lame is that???
The fact that Mac OS-X is nearly bulletproof against real viruses -- at the BSD operating system level -- doesn't mean the applications don't have holes, and CERTAINLY doesn't do a d@mn thing to prevent the user from being a naive fool and clicking boxes they shouldn't.
The only defense against "social engineering" attacks on a Mac is identical to the defense on Windows -- a combination of fierce skepticism and the ability to resist temptation. Curiosity killed the cat, I've heard...
. . . and my experience is that "fierce skepticism" is a lot easier for me to bring to the Unix box than to the WindowsTM one.
Some Windows users posting here seem to take offense at my attitude of "fierce skepticism" related to OS X virus warnings. As far as I'm concerned that's their problem, tho . . .