Phishers: Hi, we’re your bank, please click on this attachment for important information.
Security experts: Never click on an unexpected attachment in an email even if you think you know who it’s from. It’s likely to be malware or a scam to steal your login credentials.
Actual banks: Hi, we’re your bank, please click on this attachment for important information. 🤦♂️
Seriously, I HATE these systems. The way they keep phishing and malware techniques believable — and have for years! — is worse than any supposed security advantage in not just using email. Half the time the info isn’t any more sensitive than a receipt would be. Or heck, even just “There’s a new message in your account, please log in to see it and use your own bookmarks to get there.” That’s actually more secure!
It’s really too bad all the schemes to add end-to-end security to email over the years have been either too cumbersome to take off for general usage or vendor-specific.