The most dangerous use case. A malicious actor might send out bit.do/fmlmd in a fake invoice email, claiming you need to “verify your account.” The link could lead to a fake login page that steals your credentials.