The Golden1 Credit Union mostly serves (I think) State of California employees. Today these customers were miseducated about how DNS changes propagate and encouraged to trust a bare IP address and “accept the security alert.” See screenshot below (red outline added):
This particular operation should be safe, but they’ve lowered the bar for phishers — why bother setting up go1den1.com or g0lden1.com when Golden1 has told customers to trust a bare IP and ignore warnings?
The least Golden1 could’ve done is to point some previously unused (and thus uncached) subdomain, e.g., new1.golden1.com at the new IP address for golden1.com and tell customers to use the former as a temporary workaround.
Someone ought to be reprimanded for this gaffe.