When banks themselves do silly things

Look at this Bank of America email here. Is it a phish?

No, it’s real. I got this sample from phishing guru Lance James over at Secure Science, and he sums it up quite well:

Ok, BofA, shame on you, this looks like phishy spam to me. Note the link you included:

http://links.em.bankofamerica.com:8083/ct/click?q=6b-8g5ZIHENsxyGOqH8niwc~ynzP6cR

Guess where it lands:

https://www.ehealthinsurance.com/ehi/Alliance?allid=Ban24050&sid=em1

How is that supposed to help consumers understand legitimate links and not? This bulk mail can easily be replayed with phishing links.

Banc of America and Bank of America — I'm sure it’s legit, but do your customers know that? And are we sure we know who eHealthInsurance is? How do we know they’re not a spam site, or a malicious site?

And just because your domain is in the email doesn't make it safe (we've proven that already!)

And just to add insult to injury, there is a link in the email that allows you to add other people to the mass-mailing list.

When will they learn?