Re: Clickable links
"One month I got one such email from them within days of receiving one from their security dept, warning all customers never to click links in emails to log in!"
I'm pretty sure I've had such security emails that actually contained links themselves. My building society has a leaflet listing the domains they'll genuinely use. This hasn't penetrated as far as their marketing department who have used others. The links which appear to be genuine are actually sub-domains that resolve to marketing companies. I've even raised this at their AGM., not least because they're training their customers to be phished.
What should really concern security departments is that if marketroids expect customers to click on random links in random emails it's because they themselves see no issue in doing so. I strongly suspect that most successful phishing attacks are through marketing departments.
Biting the hand that feeds IT
