Your concerns sound perfectly reasonable; no doubt Monzo’s users are being targeted by phishing attacks and some of those will succeed. In my opinion though, it’s likely that the successful attacks will have got past users who don’t understand the security risks of clicking links (in emails or elsewhere) anyway.
And even if Monzo changed its verification method, other companies wouldn’t, so trying to teach users not to click links (in emails or elsewhere) does seem a little futile. The only reason why Monzo’s links are ‘worse’ is because they’re being used for authentication. But the authentication emails are only being sent when they’re explicitly requested - people will make the association between emails they request & safe links, not just all links.
While this information will only be published annually, Monzo will obviously be keeping a close eye on the number of account breaches that users experience & if that’s higher than average I’m sure the approach will be changed.
In the meantime, personally, I would prefer to use magic links because I’m confident that it’s not going to decrease the security of my account.