The latest phishing attacks only require you to open the email. By doing so, a windows script runs, changing the IP of your favorite bank to a url somewhere else. Guess what happens to your username and password?

PayPal and CitiBank customers are getting hit hard...

Moral of the story -- Turn of WSH and check your hosts file!