I’ve been curious for a long time as to why the first piece of advice to users when one of these scams does the rounds is invariably ‘Don’t click on the link’. This video does mention that if you enter your password on the spoofed login page, the hackers will have it, and probably access to several other of your online services.
Would it not be better to encourage users to carefully check the address bar before merrily entering username / password combinations anywhere online? Or at least mention it as being equally important. Just a thought.