A related point is that this type of email with malformed HTML code will get detected by a decent AV scanner, as it will object when it tries to write a temporary copy to disk.
McAfee for example detects this as a 'trojan'. Won't detect other phising emails that just point to the spoof site of course.

One thing I always insist on for PCs that I support in my unofficial sysadmin role for friends and family is that they run a decent AV scanner, amongst other things, which I offer to configure for them if required. A couple of them have received other phishing emails recently, but at least they had the sense to panic and ask me what that red warning box meant and was their PC still OK