Yes I did. I didn't say this was a phishing attack, I said they are vulnerable to them. That and the issue in this article ("mistakes") are caused by the same thing - lack of proper procedure - which is what my comment is about.