I don’t have numbers to back this up, but I feel like the average person is more savvy at avoiding scams and hacks than before. Normally there is some kind of red flag, if not several – poor grammar / spelling in an email claiming to be from Google, or Apple, etc. That’s what makes this story so particularly interesting – the author (Joonas Kiminki) nearly gave away his credentials to an elaborate, very high-quality sort of scam.
What strikes me the most is that everything seemed very “right” and professional. The email and the website content looked great, my phone really was an iPhone 6 and they even got the timezone right in the email.
The email raised no alerts on any email client I use, including Google Inbox, mail.google.com and Apple Mail. No web browser, mobile or desktop, show any alarms on the fake site. Google.com knows virtually nothing about the site, the email address or the (probably fake) US phone number the SMS was from. Very well done.