I have a credit card from one of the major banks and received a e-mail that looked very legitimate stating do to security I needed to update my profile.
It directed me to a page that asked for my credit card number? they would already know that. I put in a totally phoney 16 digit number and it accepted it? It then asked for the security code on the back. There was no doubt at that point what was going on.
I called the banks security department to advise them and they were already aware of the scam and were tracing it.
The lady said anytime you get a e-mail saying ''for security reasons you need to update your profile no matter how legitimate it looks, DON'T... just call your bank to see what is going on as no bank will e-mail you asking you to do that.
As banks continue to experiment and make changes they are contributing to the problem. Recently a bank I do business with revamped their on-line system (for the 2nd time in less than a year). As a result, I was having trouble logging in and ended up having to change my password twice. Ironically, I received an phishing e-mail allegedly from that bank, complete with the usual logo, legitimate displayed link, even the correct legalese at the bottom with CORRECT links to report problems, suspected fraud, etc. The message dealt with changes in the login process and that my password needed to be changed.
Having just gone through this twice (in response to the legitimate bank site, NOT from an e-mail), it almost caught me. NOT because of the phishing e-mail being particularly tempting (although it was better than most I had seen), but rather because the bank couldn't seem to get their act together and the e-mail played right into the bank's problems.