Let’s imagine that there is you, and you are actively using cryptocurrencies and regularly send USDT to your grandma. Well, or someone else you often send.
Grandma’s address starts with 7e5e... and ends with ...cc7. You remember those numbers very well. Next, you simply copy the address from the transaction history.
What does a scammer do. He creates a similar address from which a microtransaction is transferred to you, or a zero one. As a result, his address appears in your transaction history.
Here comes the day when you want to transfer a couple of thousand crypto dollars to your grandma. You are copying a familiar address, but you are mistaken. You have copied the attacker’s address.