I’ve seen at least a couple times a similar trick but with payment req websites like cash app or venmo. Everything looks legit, but if you were to look closely at the url they want you to click, it is almost always routed through a server under the phisher’s control.
I wonder why