Banks: Stay safe from scams! Don't put any #security information into any site not using our specific origin.
Also banks: Please input your security information into this embedded widget on the merchant's origin.
More seriously, this is a legitimate #cybersecurity vulnerability in #USBank which should be fixed ASAP.
USBank is training it's users to just put their banking information into any site which asks and actively hurts the security of it's own users as well trains those users to do the same for any other service. What's the point of telling users to look for the padlock and check the origin, if sites will disregard it altogether anyways?