You said attackers need to be "extremely sophisticated" to pull it off, and I've spent a year seeing nitwits – clumsy and trivially detected nitwits – do it without much trouble. You were wrong, and wrong in a way that's important to correct so people know that it's wrong.

And I've seen the opposite, what's your point? How do you qualify "clumsy and trivially detected nitwits"?

PS - Telling people they are "wrong" isn't convincing, and is downright condescending. Thanks for that.