by stravant 276 days ago
People realized that past phishing attempts were quite badly constructed and a well constructed one is actually really easy to fall for.

> People realized that past phishing attempts were quite badly constructed

I seem to recall that the typos and grammar errors were intentional. This gets rid of skeptical people, and you're left with those who are extremely gullible and likely to fall for it.

This current spate of attacks might be _because_ of that, in fact. Enough people know that phishing attacks are obviously low quality, so when they see a well-constructed message they're less suspicious.

Or it’s because LLMs don’t make spelling mistakes.

First time I've heard this but it actually makes an awful lot of sense.
> and a well constructed one is actually really easy to fall for

It really shouldn't be though, and it's something you need to be personally responsible for. If it's still possible in 2025 for you to fall for phishing attempts, you're missing something, something that starts with a p and ends with a assword manager.

You must be joking. When I try to log in on Outlook I get redirected to 'microsoftonline.com' (suspicious), when I log in on Wikipedia it sends me to something called 'wikimedia.org' (typo squatter?). How the hell am I supposed to know whether npmjs.help or rustfoundation.dev are _not_ the official domains of those projects?
> You must be joking.

You must be joking, are you still not using a password manager at all?

When you create the username+password combo you either do it yourself, then put the domain in the password manager, or you use whatever the password manager infers at the registration page, and that's basically it, for most sites. Then 1% of the websites insist on using signin.example.com for login and signup.example.com for signup, so you add both domains to your password manager, or example.com.

Now whenever you log in, you either see a list of accounts (means you're on the right domain) or you don't (which means the domain isn't correct). And before people whine about "autofill doesn't always work", it doesn't matter, the list should (also) show up from the extension modal/popup, so even if autofill doesn't work for that website, you'd be protected, since the list of accounts is empty for wrong domains.

It's really easy, and migrating to a password manager just sucks the first couple of days, every day after that you'd be happy you finally did it.
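The vault lookup the comment above describes, as an added example that is not part of the thread: a constructed vault, a toy stand-in for the public suffix list, and a lookup that returns saved accounts only when the page's registrable domain equals the one recorded at signup, so signin.example.com still matches example.com while lookalikes such as npmjs.help or example.com.evil.net come back empty.

```python
from urllib.parse import urlsplit

# Constructed sample vault: logins keyed by the domain recorded at signup.
VAULT = [
    {"site": "npmjs.com", "user": "dev@example.org"},
    {"site": "rust-lang.org", "user": "dev@example.org"},
    {"site": "example.com", "user": "alice"},
]

# Toy stand-in for the public suffix list; real managers ship the full list.
PUBLIC_SUFFIXES = {"com", "org", "net", "dev", "help", "co.uk"}


def registrable_domain(host: str) -> str:
    """Return the eTLD+1, e.g. 'signin.example.com' -> 'example.com'."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in PUBLIC_SUFFIXES:
            # The label just before the public suffix is the registrable one.
            return suffix if i == 0 else ".".join(labels[i - 1:])
    return host.lower()


def same_site(page_host: str, saved_site: str) -> bool:
    """Compare registrable domains, never substrings: 'npmjs.com.evil.net'
    reduces to 'evil.net' and 'npmjs.help' stays 'npmjs.help', so neither
    matches a vault entry for 'npmjs.com'."""
    return registrable_domain(page_host) == registrable_domain(saved_site)


def accounts_for(url: str) -> list[str]:
    """What the extension popup would list for the page at `url`."""
    host = urlsplit(url).hostname or ""
    return [e["user"] for e in VAULT if same_site(host, e["site"])]


if __name__ == "__main__":
    for u in ("https://www.npmjs.com/login", "https://npmjs.help/reset",
              "https://signin.example.com/", "https://example.com.evil.net/",
              "https://rustfoundation.dev/"):
        print(u, "->", accounts_for(u) or "no accounts (wrong domain?)")
```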

Nah, I can manage my own ass words. I wouldn't trust a third party to have access to all of them anyway.

Having a password manager that doesn't involve having to trust third parties is what keepass is for.