Netcraft tells about yet another IE spoofing trick:
A number of recent phishing sites blocked by the Netcraft Toolbar community have had a common technique of using JavaScript to create a narrow popup window, which is then placed on top of the Address bar. A fake URL is entered into the popup, using the same default font as the real address bar. The script continually checks the location of the browser window and moves the popup accordingly, ensuring that it is always placed on top of the Address bar, thus obscuring the real URL of the phishing site.
It might be in its place to remind people that the safest way to avoid trouble with IE, is to use a different browser. (And while there’s a lot of talk about Firefox, personally I find Opera a better choice. In my humble opinion, of course.)