On 19 Jan 2018, at 2:21, Wolfgang Tremmel wrote:

I can imagine as the "click here and solve captcha" emails will be standardized that a carefully crafted attack might lure fist line helpdesk people onto shady websides and making them click stuff.

If your helpdesk in charge of abuse is so vulnerable that clicking on a link or by extension, receiving a malware sample, will become a successful attack, then I would be interested to understand how exactly do they handle abuse reports today?

Almost all of what we get involves links and/or potentially dangerous malware samples. Yet we somehow don't get compromised as easily as your message suggests.