Clicking the link hypothetically confirms to the spammer that yours is a valid and monitored email address, and that you’re a sucker suitable for more targeted phishing.

Of course, it seems like every random user will also happily type their password into any text box that asks for it, too.

One time I failed a phishing test because I did a message trace and confirmed that it originated from our own internal servers.

Nuthin, furloughed.

Inventory management. Can’t secure what you can’t see etc

There are probably legitimate uses out there for gen AI, but all the money people have such a hard-on for the unethical uses that now it’s impossible for me to hear about AI without an automatic “ugggghhhhh” reaction.