Public service announcement follows:
A new exploit in Internet Explorer has been identified that makes it possible for a URL to appear to go to one site while in fact directing you to another. The chicanery is very difficult to detect.
For example, this link to Amazon.com actually sends you to Barnes and Noble, instead. It’s easy to be fooled by this, because the status bar (when you hover over the link) and address bar (after you follow the link) still read “www.amazon.com”.
Of course, it’s obvious in this case you’re not actually seeing amazon.com. The danger here is that a link in an HTML email may appear to send you to a valid site, but in fact lead to a clever near-identical spoof designed to capture sensitive information (credit card numbers, for example). Spoofs like this (e.g. redirecting to convincing-looking but fake PayPal sites) have existed for a while, but they’ve been relatively easy to detect by looking at the address bar. With this exploit it’s hard to tell you’ve been duped.
Microsoft doesn’t appear to be taking this very seriously. I do, though.
Be careful out there, kids, especially when clicking on links within emails from people you don’t know.
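An added example, not part of the original post: a small Python check that a mail filter could run over an HTML email body to flag links whose visible text names one site while the `href` resolves to another. The userinfo check is a general phishing heuristic rather than a description of the IE bug (the post does not give its mechanism), and the `example.*` hosts and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domain-like tokens in visible link text, e.g. "www.amazon.com".
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

class LinkAuditor(HTMLParser):
    """Collects (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def site(host):  # crude "same site" key: last two labels (assumption, no public-suffix list)
    return ".".join(host.lower().split(".")[-2:])

def audit(html):
    """Return [(href, [reasons])] for links that deserve a second look."""
    parser = LinkAuditor()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        url = urlsplit(href)
        host = url.hostname or ""  # the host the browser will actually contact
        reasons = []
        claimed = {site(h) for h in HOST_RE.findall(text)}
        if host and claimed and site(host) not in claimed:
            reasons.append(f"text names {', '.join(sorted(claimed))}, link goes to {host}")
        if url.username is not None:
            reasons.append(f"userinfo before '@' hides real host {host}")
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample email body; the example.* hosts are placeholders.
SAMPLE = """<p><a href="http://www.example.net/login">www.example.com</a>
<a href="http://www.example.com@example.net/">Click here</a>
<a href="http://www.example.org/help">www.example.org help</a></p>"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The first two links in the sample are flagged and the third is not; a check like this judges the link's markup, so it does not depend on what a browser's status bar or address bar displays.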