Received this email the other day from Chase (the banking folks who are frequent targets of phishing attacks).
I'm still amazed that financial institutions continue to send emails to their customers with active hyperlinks and directions to use those links. This encourages the exact behavior that makes their customers susceptible to a phishing attempt. After checking the links closely (I do like to study phishing attacks) as well as the rest of the content of the message, the only thing that provided any evidence to me that this was actually from Chase was the 4 digit portion of the account number (something buried deep down in the message).
What's especially interesting in this case is that I have already used their online payment system to make the payment for the current statement, so they are sending me an email to tell me to use a link to do something that I've already done.
We need to move away from these kinds of emails until there is some way for the average user to authenticate that they came from the real party with which they have a relationship with and not some phishing impostor. Yes, I can tell verify this because I'm the suspicious type but my mother would have a hard time with it.