So if you take Manuel Humberto Santander Pelaez's (@manuelsantander) SANS diary entry from this morning (http://isc.sans.org/diary.html?storyid=10762) about phishing and modifying the status bar using javascript.

As reported by qq xeyeteam here - spoof_StatusBar - http://xeyeteam.appspot.com/media/agh4ZXlldGVhbXINCxIFTWVkaWEY-cIwDA/spo... (a GOOD in your browser demo)

And you had to implement that on linkedin malware campaign as reported by Phil Hay from @M86Labs at http://labs.m86security.com/2011/06/malicious-linkedin-campaign/ and reported by Zeljka Zorz over at http://www.net-security.org/malware_news.php?id=1743

And blended them up... would you have a clever.phish? And will @cloudflare do mail as well (if they do not already)?

The more complex our OS's and apps get.. the more complex the threats become and we are usually a step behind.