The latest phishing attacks only require you to open the email. By doing so, a windows script runs, changing the IP of your favorite bank to a url somewhere else. Guess what happens to your username and password?
PayPal and CitiBank customers are getting hit hard...
Moral of the story -- Turn of WSH and check your hosts file!