Scams got sophisticated a while ago where they would exactly replicate things like password reset emails and such including a whole fake replica website that looks identical to the real one.
I saw someone fall for one recently where a scammer had created a fake announcement from an email sending company stating they were adding political messages to the bottom of your sent emails, and to log in to opt out. The look and feel of the email was pretty much perfect.
The sophistication of scam emails these days is a big part of the switch to Passkeys, just physically making it impossible to give your credentials to the scammer site.
it doesn't help that all these companies' legitimate emails contain suspicious-looking links in the first place. the link tracking/shortening that's built into these services isn't doing them any favors for their actually important emails
I saw someone fall for one recently where a scammer had created a fake announcement from an email sending company stating they were adding political messages to the bottom of your sent emails, and to log in to opt out. The look and feel of the email was pretty much perfect.