How much do we think about our suppliers' system awareness?

Like most people, I deal with several financial institutions.  For example, I have a checking account in one place, a credit card somewhere else, and an investment account at yet a third place.  I receive email from time to time from all of these institutions.

I was recently struck by how much these institutions' email says about their systems awareness, especially as far as risks and security are concerned.  For example, whenever I get email from one of them, it mentions that it is telling me that I have new transactions, and in order to find out more details, I should log in to their site--giving the name of the site, but no hyperlink.  The other one gives me a hyperlink to the appropriate page, and urges me to log in there.

I'll bet that a lot of customers prefer the second approach, not realizing that the hyperlink might actually lead to a site that exists for the sole purpose of capturing people's account information.  Indeed, even if such email is legitimate, it has the unfortunate tendency of training customers to respond positively to phishing messages.

We keep hearing that Internet banking fraud and identity theft are major problems and becoming worse.  I wonder how long it will be before our financial institutions decide to change their role in encouraging it?