Re: "they came back in full force"
User stupidity is a user clicking on a link in an email from Seyor Moneyov with a link to givus.yourmoney.com
Lack of user experience results in email clients opening in full preview modes and executing whatever crap is embedded in it (hell why do I still see this as a thing in 2022?)
However, why would you regard it as stupid to click on what looks like a regular email from the spoofed email address of your bank which has a full company letterhead and 15 valid embedded links just like a valid one? I received an email which "didn't feel right" but looked genuine ... on investigation it turned out there was just one incorrect character visible in the (long) hover-over link address. More and more companies rely on click-through email linking directly to web portals, it massively increases the target surface for criminals as it increases the risk of making a mistake and clicking the wrong thing ...
Thousands of people pay utility bills, receive a monthly email request for a meter reading and how many click through the email to provide it? How many people click though on a Screwfix offer? How many look at an eBay email notification? While 'click-through" is the norm, security will not get any better.