Even sophicasted users can slip up in the right circumstances.
Personal anecdote: one morning, whilst still quite sleepy received a very well crafted Namecheap phishing expedition. I half knew the product they were claiming was lapsed was actually fine, but I had just recently renewed so I thought perhaps there had been a problem I missed, and it was convincing enough that I clicked the link before doing the normal sanity checks. Thankfully the address it went to didn't resolve. Hopefully I would have noticed the obviously incorrect URL before I entered any details, and I have 2FA enabled, but still, I should and do know better, it was just perfect timing for a well crafted attack...
Personal anecdote: one morning, whilst still quite sleepy received a very well crafted Namecheap phishing expedition. I half knew the product they were claiming was lapsed was actually fine, but I had just recently renewed so I thought perhaps there had been a problem I missed, and it was convincing enough that I clicked the link before doing the normal sanity checks. Thankfully the address it went to didn't resolve. Hopefully I would have noticed the obviously incorrect URL before I entered any details, and I have 2FA enabled, but still, I should and do know better, it was just perfect timing for a well crafted attack...