Would you believe an ID phishing scam like this?

I just got an identity theft lure via e-mail today:

Dear_ Citibank Cardholders,

This EMAIL was se-nt by-the Citibank server to

veerify your_ _EMAIL address_.

You must cptleome this pcseors by clicking on_the_link

beloww and enntering in the litlle window_ your CITI_bank

Atm_ card number and _PIN that _you use on_the Atm machine.

That is done for-your poterction -w- becouse some_of our

memebrs no lgoenr have acecss to their email adesedsrs

and we must verify it.

http://www.citicards.com:%7a%78%74%5a%4c%5a@%61%67%71%71%71945%64%2e%64%61%2e%52%75/%3f0%43%4c%41%4c%56

To veerify your _e-mail_ addres and accees your CITI_bank

account, click on_the link _bellow_.

tuyzlpqUo

Of course it looks completely fake (what bank would send out official email like this with so many misspellings?) yet American consumers lost $5 billion last year to ID theft [Public Enemy No. 1: Identity Theft, Wired 12.02, pp. 44-45].

There may be some good news. The latest IE 6 patch released by Microsoft this week disables the http(s)://username:password@server/resource.ext syntax in URLs. They shoulda done that years ago.