Someone at work got a phishing email. Looking through the html, I found this:
<p class=MsoNormal><font size=2 color=black face=Verdana><span style='font-size:10.0pt;font-family:Verdana;color:black'><a href="http://www.paypal-3089740289dsdasdfedd.8800.org/navbar/34098.html"><span style='text-decoration:none'><img border=0 width=117 height=35 id="_x0000_i1025" src="http://paypal.com/en_US/i/logo/paypal_logo.gif" onMouseOver="click('')"></span></a><o:p></o:p></span></font></p>
I'm no expert in javascript but it looks to me like just moving the mouse over an image is going to cause it to be clicked, taking you to a paypal clone site and filling your hard disk with spyware. Outlook XP disables javascript in emails, and just as well.
Peter's Moblog
