Definitely worse. This sort of thing still happening in 2025 is completely bonkers to me. Recently a financial institution sent me an email asking me to "re-validate my ownership" of a linked account by uploading a bank statement. The link was to a completely unrelated and unknown domain (not even a shortener). The message itself didn't address me by name but simply said "Dear Customer". It also didn't including any legitimate info like partial account numbers. And when I logged into my account, there was no notice or message mentioning any re-validation requirement. I was convinced it was a low/medium-effort phishing attempt and submitted it to their support channel so others could be warned. It turns out it was actually their legitimate email. I told the CS rep that they're basically training their customers to fall for the next real phishing attack. Won't do any good, I'm sure.