(....)
If I understood correctly, I believe there is another way to achieve this where the scammer uses the dusting attack! He just needs to generate a vanity address matching the victims address and send a tiny amount of cryptocurrency (a dusting transaction) from this vanity address. And later if the user isn't careful enough and copies address from previous transactions history, then there is a good chance that he might end up copying the scammers address and send the funds to the wrong address without even realizing it.
This is pure effort if generating a vanity address for your target, I am curious how much time it needed to copy an address with identical characters on the first and last few characters of every Bitcoin address, like it's worth it for these attackers to do it?
I also heard last time in Ethereum network where the victim lost millions when he was able to sent the funds to the identical address that did address poisoning attack.