you don’t know what you don’t know you don’t know, and we’re all just apes prone to lapses in judgment at innoportune times.
Oh for sure, I 100% agree! My reply was more of an educational "Hey, in case you've run into this before, this is a great way to prevent it from occurring again" sort of deal. No one is born with all-encompassing knowledge of the world and everything/anything they could ever interact with, and subsequently no one should be faulted for running into something like phishing scams where they're designed to exploit someone's potential lack of knowledge or even as you mentioned, a lapse in judgment.
I normally am good about avoiding phishing scams but almost fell victim to one because a close trusted friend of mine had their account compromised, and sent a link to something on Steam that seemed in line with what they'd normally bring up with me - and it was exactly the fact that my password manager didn't prompt me to fill in my Steam login details on that fake page that prevented me from trying to login.
(Well that and I do have Steam Guard/MFA enabled, but still)