I got an email this morning that looked really professional from fleet.com telling me something about updating credit card information but I have no account or anything to do with fleet.

When I went over the link to the website ( which read www.cards.fleet.com..... it actually looked like it was going to fleet.com.

So I was figuring they were exploiting one of IE's numerous bugs but it wasnt really a bug, it was just a craftly put together link. What he/she had done was passed www.fleet.com as the user then used hexadecimal character in the remaining part to look like it was a normail link to fleet.com.

After decoding it completely

http://cards.fleet.comlcard_features...01/f/index.htm

I guess this is one of the reasons Microsoft decided to remove the functionality from IE for passing usernames and password in the url.

This is just a heads up. It appears fleet.com is already aware of this and that Asian Pacific IP you see in the decoded link is already down.