Some banks seem to see no contradictions in spamming people with regulatory "know-your-customer" emails that look just like phishing expeditions. What’s more, these KYC emails include not just one, but at least three identifying marks of social engineering:
+ email trackers
+ suspicious links
+ urgent requests for personal information
Personally, my favourite thing is to receive suspicious emails from "no-reply" senders:
![](https://www.badsecurity.ca/content/images/2024/03/https-3a-2f-2fsubstack-post-media-s3-amazonaws-com-2fpublic-2fimages-2fc4607935-1703-40d2-b7dc-8514dfce6a6f_640x515-jpeg.jpg)
What’s yours?
Member discussion: