If someone clicks on "click here to update your password" in a phishing email, are they choosing what actually happens, or what they thought would happen? Even if they should have known, and could have known, I think it's objectively true that they didn't.
it depends on the advancement of society to be honest. I wouldn't blame someone getting scammed in 2000 over a "Hot sexy singles in your area, click now!". I would 100% blame them in 2020+.
I don't know how far we've come in regards to email phishing to make a call on that.
