That's why I recommend that banks et.al. don't put *any* URLs in their
messages.  If they make this an explicit policy and pound it into the
heads of their customers that ANY message containing a URL is not from
them, and that they should always use their bookmarks to get to the
bank's site, then they're training their customers to be phish-resistant.

they do, and the next thing you know, someone in marketing sends out an email with an url -anyway-.

considering the fact that banks don't seem to like to be contacted by emails nor get replies (noreply@...) i'd strongly suggest them not to use crappy obsolete SMTP at all but rather present the users with their messages they don't want to distribute by paper mail -after- logging into their online banking system, where they can use all the html, links, flash *kuch* etc they want.


---rsk


Reply via email to