Re: Point of detail please....
Unfortunately, yes, depending on the specific phish it is possible that just opening the message is enough to cause trouble.
The problem is what I consider a design defect in most mail clients - the fact that they execute Javascript in the HTML part of the message. It's one of the very first things I do on the occasional new install of Thundebird or Seamonkey - go into the settings, and turn off Javascript support in the email handling. I can't imagine any valid use case for it - if anything really needs that degree of complexity, it should be hosted on a normal web site, and handled by a full web browser.
Biting the hand that feeds IT
