"tricked its own IT shop into advising that it was a scam"
That is the demonstration of the gap that exists between marketing and IT security. Marketing wants to be as friendly as possible and make things as easy as possible for the user, so sends all details, puts links in buttons and invents stupid names like HHonor that make people forget what a typo is.
The IT security comes in, sees all the stupidity and goes "That is too dumb to be real - avoid".
Inevitable, really.