I've fallen victim to a phishing attempt myself. Not in FF, but honestly, where doesn't matter. It makes you feel like a royal idiot.

No matter the company, no matter the user-support dedication, it takes an unknown amount of time. There's an amount of human interaction they need to do with you that ties everything up. Even restoring/rollback is all human interaction based. That's an expensive manhour cost and they have to spend it.

Best thing you can do is enable two-factor. The tedium of it ensures an attacking vector can't take advantage of you. Make sure you're not lazy either by doing an auto push. Manually enter that number every time.