To Phish, or not to Phish?

I received an email from my TV and Broadband provider yesterday.  Well, I think it was them.

Amongst other things, this email said the following:

To help us to keep in touch about your usage, please give us your preferred email address. To do this, just click on the link below and this will take you through to <customer website>  where you can manage your account and services online. You’ll need your username to sign in, which is XXXXX and your password. If you’ve forgotten your password, just follow the simple instructions on screen.
Confirm email address now

I hovered over the link, and the URL looked OK.  The email also knew my username and my account number was printed at the top of the message.  So I’m pretty sure it was genuine.

But I worry about stuff like this.  This is exactly the kind of message I’d normally report as a phishing scam.  “Click here and give some thief your login details”.

I suppose that, at the very worst, any thief doing this could sign us up for a sports or lifestyle TV bundle, cancel our subscription, or offer to pay our bill.  But that’s not really the point.

Surely anyone with access to a bulk mailing program will know about phishing scams and would know that encouraging your customers to click on a link and enter their secure information is a really stupid idea.

We need to be getting people out of this habit, not into it!