> I just mean the people that fall for phishing don't need this sophisticated of an attack to fall for
Yes. It's more of the opposite. It's a well documented fact that the most obvious/ridiculous scams work the best, because they help select the most gullible potential victims.
That analysis is from the perspective of the scammer. The scammer has limited time to write to each victim once the responses come back from the initial mass-email, so the scammer is better off if only the most gullible people reply. From the perspective of the person being attacked, the counterintuitive result based on selection bias goes away, and a more convincing scheme is more of a risk to you personally. (The assumption that scammers have limited time to write to each victim may itself become less true because of LLMs.)
This is only true for high throughput spam e-mails, such as those sent to literally every e-mail address in a large data breach. Corporate phishing attacks are much, much more advanced.
Yes. It's more of the opposite. It's a well documented fact that the most obvious/ridiculous scams work the best, because they help select the most gullible potential victims.
https://www.microsoft.com/en-us/research/publication/why-do-...