Geekzone: technology news, blogs, forums
tardtasticx
3084 posts

Uber Geek
+1 received by user: 483


  #3370321 4-May-2025 09:11

One of the common misconceptions is that banks will never send you a link in an email, and that if they do they’re bad. 
That’s simply not the case, it’d be nice if it was as simple as that but we know there’s plenty of valid reasons a bank would send you a link to something. 

Typically it’d be ‘bank x won’t send you links to login’ for example. There’s no reason for them to do that and that’s what scammers like to do. 
A link to a survey, link to updated T&Cs, a new product etc, all valid and shouldn’t require a login at the other side. 

 

Part of looking at an email and determining the risk is reviewing the context. 
Do I have a relationship with this bank? Did I do anything to generate a survey like this? Is the branding correct? Is it asking me to do something that warrants further investigation?
From there you should decide if clicking a link or whatever action the email is asking is risky, and if it should be ignored. 




Behodar
11101 posts

Uber Geek
+1 received by user: 6090

Trusted
Lifetime subscriber

  #3370322 4-May-2025 09:21

tardtasticx:

 

One of the common misconceptions is that banks will never send you a link in an email, and that if they do they’re bad. 
That’s simply not the case, it’d be nice if it was as simple as that but we know there’s plenty of valid reasons a bank would send you a link to something. 

Typically it’d be ‘bank x won’t send you links to login’ for example. There’s no reason for them to do that and that’s what scammers like to do. 
A link to a survey, link to updated T&Cs, a new product etc, all valid and shouldn’t require a login at the other side. 

 

 

You're quite right, and after looking through my old emails, my earlier claim that I'd never seen that sort of thing from Westpac ended up being erroneous. But when it's something that requires logging in (such as a recent one to get a tax certificate), there's no link: it just says "log in to Westpac One".


tweake
2647 posts

Uber Geek
+1 received by user: 1138


  #3370345 4-May-2025 13:04

tardtasticx:

 

One of the common misconceptions is that banks will never send you a link in an email, and that if they do they’re bad. 
That’s simply not the case, it’d be nice if it was as simple as that but we know there’s plenty of valid reasons a bank would send you a link to something. 

Typically it’d be ‘bank x won’t send you links to login’ for example. There’s no reason for them to do that and that’s what scammers like to do. 
A link to a survey, link to updated T&Cs, a new product etc, all valid and shouldn’t require a login at the other side. 

 

Part of looking at an email and determining the risk is reviewing the context. 
Do I have a relationship with this bank? Did I do anything to generate a survey like this? Is the branding correct? Is it asking me to do something that warrants further investigation?
From there you should decide if clicking a link or whatever action the email is asking is risky, and if it should be ignored. 

 

 

the catch here is there is typically zero reason for banks to send links other than it's more convenient for their customers. instead of a link all they need to say is "log into your account to check".

 

scammer 101 is to have an email looking like it's from your bank with an email link.

 

2ndly if you fall victim to a scam because you clicked on a link, the bank blames you for clicking on a link, but they expect you to click on their links even tho most people can't tell the difference between a real one or not. so it's simply bad form and hypocritical by banks to send links in their emails.




mattwnz

20520 posts

Uber Geek
+1 received by user: 4797


  #3370373 4-May-2025 15:23

tardtasticx:

 

One of the common misconceptions is that banks will never send you a link in an email, and that if they do they’re bad. 
That’s simply not the case, it’d be nice if it was as simple as that but we know there’s plenty of valid reasons a bank would send you a link to something. 

Typically it’d be ‘bank x won’t send you links to login’ for example. There’s no reason for them to do that and that’s what scammers like to do. 
A link to a survey, link to updated T&Cs, a new product etc, all valid and shouldn’t require a login at the other side. 

 

Part of looking at an email and determining the risk is reviewing the context. 
Do I have a relationship with this bank? Did I do anything to generate a survey like this? Is the branding correct? Is it asking me to do something that warrants further investigation?
From there you should decide if clicking a link or whatever action the email is asking is risky, and if it should be ignored. 

 

 

 

 

If they sent an email that says to log into online banking to read this message, and not send any link, which is what some banks do, I would agree with that. However any link in an email could be to a compromised site and everyone can fall victim to a scam email, which is exactly what the message in the email says.  Especially with AI where content can now be very convincing. 


ANglEAUT
altered-ego
2436 posts

Uber Geek
+1 received by user: 842

Trusted
Lifetime subscriber

  #3370380 4-May-2025 16:42

KiwiSurfer:

 

Agree, at my $DAY_JOB we use O365 which rewrites all URLs to something.safelinks.outlook.com/something/encodedURL which makes it a pain copying URLs from within O365 apps as it will paste as a massively long URL instead of the proper URL itself. Drives me mad.

 

 

💯

 

     

  1. While it is true that on a PC you can hover over the link & O365 will show the original URL, how can you 'hover over' on a mobile device?
  2. Because those links contain the O365 user ID, I believe this is a form of security-related data leakage. That user ID can be either totally unrelated to this email chain or from a sender 3-5 emails ago that is no longer a part of the conversation.
  3. The URL decoder from emn178 and others comes in very handy in these situations to decode the full link.




Please keep this GZ community vibrant by contributing in a constructive & respectful manner.
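
An added example, not part of any post in this thread: a local decoder for the rewritten links discussed above, which recovers the original URL and lists any email addresses carried in the wrapper so they can be stripped before the link is forwarded. It assumes the wrapper host ends in `.safelinks.protection.outlook.com` and that the destination and recipient details travel in `url` and `data` query parameters; the sample link and the function name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: wrapped links are served from a host with this suffix.
SAFELINKS_SUFFIX = ".safelinks.protection.outlook.com"
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample; not a real link.
SAMPLE = (
    "https://nam00.safelinks.protection.outlook.com/"
    "?url=https%3A%2F%2Fwww.example.com%2Fsurvey%3Fid%3D42"
    "&data=05%7C01%7Calice%40example.org%7C0123abcd%7C0%7C0"
    "&sdata=AAAA&reserved=0"
)

def unwrap_safelink(link):
    """Return (original_url, addresses_found_in_wrapper).

    Links that are not wrapped come back unchanged with an empty list.
    """
    parts = urlsplit(link)
    host = (parts.hostname or "").lower()
    if not host.endswith(SAFELINKS_SUFFIX):
        return link, []

    query = parse_qs(parts.query)  # parse_qs percent-decodes the values
    target = query.get("url", [None])[0]
    if target is None:
        raise ValueError("wrapped link has no url parameter")

    # Only hand back web links; refuse anything else hidden in the wrapper.
    if urlsplit(target).scheme not in ("http", "https"):
        raise ValueError("unexpected scheme in wrapped link")

    # Assumption: recipient details sit in the pipe-separated data field.
    data = query.get("data", [""])[0]
    addresses = sorted(set(EMAIL_RE.findall(data)))
    return target, addresses

if __name__ == "__main__":
    original, addresses = unwrap_safelink(SAMPLE)
    print("original URL:", original)
    print("addresses embedded in wrapper:", addresses)
```

Because it runs locally, the wrapped link and any address inside it are never pasted into a third-party web page.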


jnimmo
1098 posts

Uber Geek
+1 received by user: 255


  #3370418 4-May-2025 21:34

In my opinion I prefer links in emails - it's more convenient, and arguably safer than having someone accidentally hit a typo squat or malicious paid link in search engine results to log into banking just to complete a survey. I would love to see banks investing in phishing resistant authentication methods though; but at the end of the day there's a lot of good tech/people working in the phishing/loss prevention space. 

 

Please don't report it as spam/phishing unless you suspect it is, mail delivery issues don't really help anyone. 


 
 
 

mattwnz

20520 posts

Uber Geek
+1 received by user: 4797


  #3370423 4-May-2025 22:07

jnimmo:

 

In my opinion I prefer links in emails - it's more convenient, and arguably safer than having someone accidentally hit a typo squat or malicious paid link in search engine results to log into banking just to complete a survey. I would love to see banks investing in phishing resistant authentication methods though; but at the end of the day there's a lot of good tech/people working in the phishing/loss prevention space. 

 

Please don't report it as spam/phishing unless you suspect it is, mail delivery issues don't really help anyone. 

 

 

 

 

If you use something like Bitwarden, it is impossible to log into anything but your banking website. 


Handsomedan
7770 posts

Uber Geek
+1 received by user: 7406

ID Verified
Trusted
Subscriber

  #3370436 5-May-2025 08:38

Believe me - there's plenty of similar discussions within banks - we question why links are sent unsolicited and everyone nods sagely, then sends another raft of links in emails. 

 

It's a counter-productive circle of doom. 





Handsome Dan Has Spoken.
Handsome Dan needs to stop adding three dots to every sentence...

 

Handsome Dan does not currently have a side hustle as the mascot for Yale 

 

 

 

*Gladly accepting donations...

