SSL & Phishing get cozy, a look at how the system broke, is a very good analysis of a recent very targeted phishing attack. The important thing to remember here is just because one big company says it's so doesn't necessarily mean it is. That little lock that appears to tell you your using an encrypted connection doesn't always mean you connected to the site you thought you were connecting to. Always make sure you're familiar with you're financial institution's websites. And it wouldn't be a bad idea to verify emails by phone too. I can guarantee you those malicious phishers are quite capable of pulling the wool over your eyes the moment you let your guard down. Take it from me. Banks that email you stuff out of the blue are bad.