by rsync 2271 days ago
I wonder if you can comment on the weirdly pro-phishing behavior of many US banks who, if I didn't know better, appear to be trying hard to make their customers vulnerable to phishing attacks ...

- TIAA Bank redirects customers, after login, to "cibng.ibanking-services.com".

- US Bank, depending on which account you log into, will redirect you to "loansphereservicingdigital.bkiconnect.com".

- Union Bank will redirect you to "unionbank.customercarenet.com" if you look at a mortgage account.

These are big, serious US banks and these domain jumpings (to domains that almost look like parodies of an actual bank domain) occur to every online banking customer.

They are training their customers to be phished.

FWIW, I have never seen Wells Fargo do this ...

1 comments

My bank in Ireland (Ulster Bank) has a notice on the login page: "You will NEVER need your card reader [their 2FA] to log in". Last year they changed their login flow so you are asked to use your card reader to log in. I complained about it on Twitter but got a meaningless response about customer safety/new regulations.

If they wanted to train their customers to be phished, I can't think how they could do a better job.