Post
Topic: Re: Bitcoin address poisoning attacks
Board: Beginners & Help
by DYING_S0UL on 10/04/2025, 14:29:55 UTC
(....)

If I understood correctly, I believe there is another way to achieve this where the scammer uses the dusting attack! He just needs to generate a vanity address matching the victim's address and send a tiny amount of cryptocurrency (a dusting transaction) from this vanity address. And later, if the user isn't careful enough and copies an address from the previous transaction history, then there is a good chance that he might end up copying the scammer's address and sending the funds to the wrong address without even realizing it.
This is pure effort if you are generating a vanity address for your target. I am curious how much time is needed to copy an address with identical characters in the first and last few characters of a Bitcoin address; is it worth it for these attackers to do it?

I also heard that last time, on the Ethereum network, a victim lost millions when he sent the funds to the identical address that did the address poisoning attack.


It depends on what tools you are using for brute forcing, how much computational power you have, and what/which/how many characters you are trying to match! The more characters, the harder it is to get a matching hit! To get an extensive idea of this, you should check this topic by 1miau: [Guide] How to create your customized Bitcoin-Address (vanitygen) – step by step

The longer your prefix, the less likely a quick hit. Upper case letters are more likely to find than lower case letters. For example, the prefix 1Bitmover would take 2 months for 50% chance. The lower case 1bitmover is 58 times less likely. (2)
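
A wallet-side check for the copy-from-history mistake discussed in this thread, as an added example (not code from the post or from the linked guide): it flags history entries whose address shares its first and last characters with an address you trust but is not identical to it. All addresses are constructed and not valid, and the names, the 4-character thresholds and the dust limit are assumptions.

```python
# Added example: detect lookalike (poisoning) addresses in a transaction history.
TYPE_PREFIXES = ("bc1q", "bc1p", "1", "3")  # shared by every address of a type
DUST_LIMIT_SATS = 1000                      # assumed cut-off for a "tiny" amount

def body(addr):
    """Strip the address-type prefix so it does not count as a match."""
    for p in TYPE_PREFIXES:
        if addr.startswith(p):
            return addr[len(p):]
    return addr

def shared_prefix(a, b):
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def lookalike_of(candidate, trusted, min_prefix=4, min_suffix=4):
    """Return the trusted address that `candidate` imitates, or None."""
    if candidate in trusted:
        return None  # exact match with a known-good address
    c = body(candidate)
    for good in trusted:
        g = body(good)
        if (shared_prefix(c, g) >= min_prefix
                and shared_prefix(c[::-1], g[::-1]) >= min_suffix):
            return good
    return None

def flag_history(history, trusted):
    """Return (address, imitated_address, is_dust) for each suspicious entry."""
    flagged = []
    for tx in history:
        imitated = lookalike_of(tx["address"], trusted)
        if imitated is not None:
            flagged.append((tx["address"], imitated,
                            tx["amount_sats"] <= DUST_LIMIT_SATS))
    return flagged

# Constructed sample data (addresses are illustrative, checksums are not valid).
TRUSTED = ["1BitmoverQ7xK3pLm9ZdR2vTnW8sYcAbCdE"]
LOOKALIKE = "1BitmHk2Xw9PqRs5TuVw3YzAb4CdEfAbCdE"
HISTORY = [
    {"address": TRUSTED[0], "amount_sats": 2_500_000},
    {"address": LOOKALIKE, "amount_sats": 546},
    {"address": "1Kx9TnW4rT6yU2jPaS3dFgH5jK7mN8bVcX", "amount_sats": 50_000},
]
```

Running `flag_history(HISTORY, TRUSTED)` reports only the dust entry; comparing the full address string before sending remains the actual safeguard.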