Much of this and the supporting articles were focused on the security and fraud topics. Since those details were linked out from this article, most of what's left is around the technical bits that didn't get their own posts.
For an audience of programmers on HN, I'm not surprised that this topic got more attention than the fraud but it definitely wasn't intended to be the focus of the post.
Since fraud is a broad problem to tackle with and it requires individual awareness. It challenges densely education of the users rather than technical enhancement which ends up on OTP and 2FA. Honesty of the point of view of OP is the most attractive part of the article which leads one to complete reading. Then focus on the domains varies on readers interests to discuss.
Much of this and the supporting articles were focused on the security and fraud topics. Since those details were linked out from this article, most of what's left is around the technical bits that didn't get their own posts.
For an audience of programmers on HN, I'm not surprised that this topic got more attention than the fraud but it definitely wasn't intended to be the focus of the post.