I don't think that it would be possible for me to fall for a HN phishing attack seeing as how I don't even have a password with HN. I logged in over a year ago using one click authentication linked to my Google account. The only way I could theoretically be effected by a phishing attack would be if the attacker somehow logged me out, then made a page which tricked me into thinking that I was clicking on HN's one click login.