One of my students just got a spam message telling him to update his eBay account information. Looks pretty professional, and IE tells him the URL it takes him to is cgi5.ebay.com/aw-cgi/eBayISAPI.dll?accupdatev
Of course we know where this is leading. It isn't taking him to eBay, it is taking him to some rogue site (which has already been shut down, it seems) and is taking advantage of that new IE address bar vulnerability. Looks very legit: the link says it is taking you to eBay and IE says you are at eBay. The only thing that is missing is that little lock thingy nobody even knows you can click on.
eBay is a good choice for a target because of people being concerned over their bids getting wiped out. An even better target, I think, would be telling people that their Amazon.com order cannot be processed without verification of a credit card number. I wonder how many people in a rush to make sure Christmas presents arrive by the 24th would have fallen for that one.
The only reason I have to use IE is for posting this thing right here. There is no way I'd use it to make any type of transaction on the web.