[atoav]

> some text that would raise suspicion in any person

As someone who worked in IT-support I have to say this sentence is doing a lot of heavy lifting. I have seen people click on shadier things that looked much less credible. In fact I have seen the same people do it multiple times, even after it has been explained to them, multiple times and they have experienced consequences in the form of locked accounrs and the likes.

Real world users can be magnitudes dumber than you think they would be, even if they otherwise simulate the appearance of functional adults.

I have seen people who have a problem click away error dialogues with the explaination of the problem without reading the text. When asking what they clicked and why, they couldn't tell you if their life depended on it.

[monospacegames]

Yes, but my point is that the article is constructed in a way that deliberately obfuscates that there is unrelated text following the phishing message (quoting my initial comment: The full email is definitely in the format "scary text here" "actual google message", so something like "Give us all your money or die has been created as a google app")

This led to the initial response here being quite frantic (some people even claiming that DKIM is now pointless) because presumably not everyone read the article to its very end where the actual explanation is, and then went back to the first image to realize that the author has been intentionally misleading to sell their cybersecurity services.