I wrote about the how the Bank of America are conditioning their customers to be more susceptible to phishing.
It seems they are actually trying to break a record here (or else their security guy quit and was replaced by a marketing person). I just got an email that said:
This email was sent to you by Bank of America. To ensure delivery to your inbox, please add email@example.com to your address book or safe sender list.
My first assumption was that it was a phishing email – why on earth would the BoA legitimately try to convince me to open myself up for phishing? (after adding this email to my “safe sender list” every phisher in the world would set this as their “from” address). In fact, a friend made fun of me for thinking this was a legitimate email – clearly only phishers can think I’m that stupid. Unfortunately, it’s real – it was sent to an email used only by the BoA and unknown to anyone else.