Fair point. But we should look at the whole system then.

I agree, my suggestion that people should just search something wasn’t well thought out. But neither is just sending them a URL to click on. And phishing is a big, expensive and contentious issue (in banking at least) right now.

Number spoofing is another rabbit hole we could talk about. Do-not-originate doesn’t actually fix the problem, for example.

At lot of time has been invested in blaming users, when actual the systems we have designed are setting them up to fail.