It seems that the phisher folk have found some new bait. The newest angle(r) involves sending out fake "order confirmation" messages bearing links that lead to web pages containing exploits for some older IE vulnerabilities. The idea is that no one will be able to resist simply looking at where the link points, and that the phisher will then snag a few unpatched folk in the process. Let's keep those browsers patched, people. And be careful out there...