If you can convince someone over the phone to install malware thru a million "don't do this" screens, you can convince them to just give you their login credentials. Which is both easier, cheaper, and, I imagine, more effective.
replyAnd yet, criminals create banking trojans at scale. They wouldn't do this if it was more effective to always do traditional phishing.
reply