I received a very official email this morning from Tslainsuranceservices.com.
It said my cancellation request was pending and I needed to click the link to verify cancellation.
Of course I did not click the link. The ploy is to get your Tesla logon and pass so they can steal the car.
That doesn’t always work because you can get really creative with unicode characters in domains that look almost exactly like the real domain [1]. Not to mention the growing common practice of companies using a different domain for their email sending. Not to mention that sometimes humans just make mistakes? Long story short - your super confident I know everything approach is going to get you burned and you should try to build in actual solutions like domain verification instead of relying on your “huge brain.”
[1] https://www.thesslstore.com/blog/unicode-domain-phishing/