I suppose Google’s doing this and they’ve built it into Chrome which is what grandma is using anyway, but what I’ve seen change over the past 20 years is the way these losers automate the cycling of their domains which are now registered with companies who couldn’t care less about phishing.

Apparently nobody's even checking if anyone responds to reports anymore, which does mean you're right that for some golden spam domains where they’re typosquatting, getting the website on a block list would help. Then the losers probably wouldn't be able to use “bank-app[.]biz” for too long and would have to resort to uglyAlphabetSoupMess.tld (instantly refreshed as soon as it’s added to any blocklist; & GPT spam college is open to continue training more script kiddies)