You should always first inspect a link before you decide to click on it, even or rather especially on a mobile phone. If the link is too obfuscated or redirecting you where you can't easily spot what the final target address is, simply DON'T click on such a link.
Next obvious thing: don't click on random links you receive on your device which hosts your hot wallet(s). Have some sensible separation. Hot wallets with more value than you can afford to loose are a risk you shouldn't take. Use a hardware wallet or an air-gapped setup which doesn't expose your stash to the internet and malware/criminals.
Being your own (crypto) bank comes with your own responsibility, there's no way around this. Security comes with a price, but with better security you don't risk loosing your stash and have less reason to cry later.
The story either real or fabricated is heart touching but sounds funny at the same time saying it happen by accident. I'm still finding it hard to believe how someone will mistakenly click on a link. Besides, a single click might not be that harmful but continously clicking following instructions or granting access would do the harm. In such case, it's not longer an accident but a deliberate action. The first mistake was having such huge amount in a wallet that is active on his usual device. Is never a good idea to have such amount in a wallet/device you use regularly. The second mistake was probably being greedy or careless as he said it was accidental. People who live in a glass house don't throw stone. You don't lose guard interacting with any link that comes your way knowing what you have in your wallet.
