The criminals are always a step ahead.  Now they are encouraging customers to sign up for fake two factor authentication.   

I see two things smart banks can do to deal with this:

1. Categorically tell customers they will never send unsolicited emails with a hyperlink, or any email asking customers to do anything EXCEPT go directly to bank.com and log in
2. get their multi factor authentication implemented asap

Courtesy of AllPaynews.com

The phishers are scamming their victims by directing them to sign up for their bank or credit union’s new dual authentication solution intended to help protect their online banking activities from fraud. The phishing scam directs the institution’s customers, via an email, to enter their account number and pin so that they can register for their new “dual authentication code and phrase.” The email lets them know that a dual authentication code and phrase is now required to do their online banking, as directed by the FFIEC.

Source: SecureWorks Warns of Phishing Schemes Using Dual Authentication Signup Process to Scam Bank and Credit Union Customers – AllPayNews: Payment and fraud news, blog, jobs and discussions