Let's switch the focus from potential phishing exploits and fake devices back to the recovery phrase. Paul already has a seed. The seed he used in his software wallet. Instead of wasting time in generating and writing down a new seed, why not just recover the wallet with his old seed? The one used with his hot wallet - the software wallet.
Because that way he would lose all the extra level of security that hardware wallets provide.
The advantage of a hardware wallet is that private keys are stored in a secure manner and never leave the device, but are used only to sign transactions. If Paul has already used (or will use) the same seed to generate keys in some other software, all the added security of hardware wallet is wasted.