I just got a fraudulent email from someone impersonating my bank about small changes to the terms of service, but all of the links appear legitimate. No phone numbers either. I guess this is some sort of long-con to get me to trust the email address? It ended in the legitimate domain name of the bank.