I'm going to side step coding for just a minute today, to talk about those who USE code in scam spam links.
Are you one of the 1000s of people who got an email stating your banking email had changed?
But you don't recall asking for this change or logging in to make it?
Be careful not to fall in the trap of updating that email or logging into your account because you got this email.
There are steps you can take to assess each email for validity; here is one of the most important to know and practice.
Hover your mouse over the proposed link. (careful not to click the link in following this process)
In this case, the link labelled as royalbank.com is sending you to http: //immuinsa.org/sg7cz3.php, most definitely not the place you want to go to. The URL itself is a giant red flag.
As usual, the site offering this link is a hacked site, phishing for your credentials.
It will look like 2 drops of water like your normal banking site, but without the https: (secure) link.
Seeing an email with a banking logo should not make you comfortable enough to click any link in that email without checking.
If in doubt, go to your normal banking site, by not using the link in this email but by your own methods.
In the case of RBC, the actual secure link is https://www.rbcroyalbank.com.