Both of those points are fairly common in phishing emails, at least the ones I receive. Cloning the HTML/CSS for phishing has been done for as long as I've been able to receive emails, don't even need LLMs for that :)