FYI...

- http://blog.trendmicro.com/merrill-lynch%e2%80%99s-rock-phish-digital-certificate/
May 9, 2008 - "The Trend Micro Content Security Team has recently encountered a phishing attack similar to what affected the Bank of America and Comerica recently**. The scheme, that involves a malicious digital certificate supposedly downloaded from a link found on the spammed email is now used to fool Merill Lynch Business Center customers... The visible link in the said email is a hypertext string that leads to the phishing URL... Clicking on the said link connects the user to a URL where they are prompted to download a required “digital certificate.” However, the phishing site is already inaccessible as of this writing. Sunbelt also warns users in their blog* that this scheme is highly likely being used for other schemes as well."
* http://sunbeltblog.blogspot.com/2008/05/merril-lynch-phish-making-rounds.html
May 05, 2008

(Screenshots available at both URLs above.)

** /t220386-Fly_Phishing_for_enhanced_safety.html