Phishing attacks can often have in excess of 80% success rate. If you had received this, you would have likely entered the codes as well, even though everyone thinks that they wouldn’t. Which is just one of the reasons why it doesn’t make sense to punish recipients for making this kind of mistake.
Seconding Daniel’s request for a source. But also, to clarify, does your attempt here count as one phishing attack in total, or one per message you sent?
If it’s one per message, then 80% is double-plus-super-higher-than-predicted. But if it’s one in total, then “you would have likely entered the codes as well” needs further justification. I said in the other thread that I wasn’t super confident I wouldn’t have fallen for it; but I don’t think it’s actively likely that I would have done, even taking your claim into account.
Seconding Daniel’s request for a source. But also, to clarify, does your attempt here count as one phishing attack in total, or one per message you sent?
If it’s one per message, then 80% is double-plus-super-higher-than-predicted. But if it’s one in total, then “you would have likely entered the codes as well” needs further justification. I said in the other thread that I wasn’t super confident I wouldn’t have fallen for it; but I don’t think it’s actively likely that I would have done, even taking your claim into account.