We seem to be taking turns preaching to the choir.... 🙂 mostly for others benefit, it seems
My preaching job would be in jeopardy for my lack of clarity, I fear.
To wit, the [Reply] button example was meant to illustrate that ANY button on ANY page visited (or in the email, as you say) could invoke the chain of events that would result in the downloading and installing of the malware.
If the victim has already fallen for the cleverness of the con, then the install process would also fall into the "trusted by the victim" area
Since you likely live and breathe this stuff, a few illustrations of how the news stories of major "breaches" lately might be in order - which one was it that was publicized that a network admin fell for a phishing email to get the ball rolling?
Back in focus on the title topic - "Phishing email, I foolishly clicked on the link" ....
Most of 'em I see posted copy/paste and screenshot are fairly poorly crafted and easy to spot. I can't remember the title (and can't find with a search - may have been Jailed ? ) of one within the last 6 weeks or so that was VERY Well Crafted. Graphic design was perfect and only the one link that led down the rabbit hole was not to a valid Apple URL.
[it sure would be nice if the search/correlation engine in the JiveWare was better - really get a list of ALL 'phishing' related threads in one list of results]
[[ while I'm wishing for stuff in ASC, a FORM led New Question posting page would solve many problems we see here with regard to lack of data ]]
waiting for Godot