I have definitely seen this "you need to go deep in the settings to enable 3rd party installs at all" flow before, but I don't remember which device it was. (Just saying that the commenter above is not just inventing something, I was surprised when I saw it as well)

There definitely is such setting, but I have no idea when it was introduced. S21 is an old phone (not to disparage it in any way).

    Your Galaxy phone or tablet is configured by default to prevent the installation of apps from sources other than the Play Store and Galaxy Store.

https://www.samsung.com/ae/support/mobile-devices/how-to-ena...

Hah, yes, this is also how S21 works. But to still refute the OP's point: (1) it is in stock settings, you do not need to enable the developer settings menu via any arcane method. (2) When you tap on an APK in e.g. Google Drive or WhatsApp, Android "helpfully" forwards you straight to this settings page, allowing you to immediately toggle the "Install unknown apps" and installation will begin (there may be another "do you want to install this app" confirmation).

The point being that there is not a whole lot of friction in this flow -- one or two taps -- likely making it easy for scammers to coach victims to perform.

I agree that activating the developer settings menu is substantially more friction, and may arouse more suspicion in a victim, but [on many/most devices] is not currently required. I guess the original article is alluding to putting this kind of friction in place.