Someone here at work just discovered this.....
Got the usual scam email (this was supposedly from SunTrust Bank) which entices you to click on a link to update your online account info. It the usual scam EXCEPT that the link actually goes to a site that uses PHP to generate a real looking web page, complete with an address bar which, although built out of graphics, still has a working text entry field. The code checks to see which email you clicked through from, and if it is the Suntrust one, it builds a Suntrust page, if it is the PayPal one, it builds a PayPal page. Once the page is built, all the links and buttons on the page (except fot the login button) will work and go to the real site. The Login button takes your login info and saves it to the scammers server. The page also checks which browser you are using, and re-directs you away if you are not using IE (they oly designed the pages they build to look like IE).
This is one slick piece of work....Watch out for it. Even experienced web users could easily be fooled.