Unfortunately MANY major companies practice procedures that put their customers at risk by sending emails with links. Any official communication from a credible institution should not include ANY links, or phone numbers. They should simply say, please visit our website, or call us via the phone umber printed on your bill or the back of your card.
I complain to companies time and again that they are indeed part of the security threat problem and putting their customers at risk. I recently got an email from Bank of America telling me that they saw unusual activity on my Check Card and they gave me a phone number to call. I called the number and the representative starts off the conversation by asking me for my driver's license number! I told him how ridiculous and dangerous their procedures were, and told him I'd not answer any questions without calling back from a known number.
Unfortunately, when I called back, I was informed that it was indeed Bank of America and everything was legit. I say unfortunately because it just confirmed my worst fears that a Major institution such as Bank of America, was knowingly putting their customers at increased risk.
Also unfortunately, after trying to explain to the representative, for the 3rd time, why this was a dangerous practice, I realized I have better luck educating a brick by banging my head on it.
So while you may call victims STUPID for falling prey to these sinister ploys to farm information, it is in fact the companies we trust that are failing us and making our attempts to safeguard our information more and more difficult.