IE still vulnerable to Phishing

One of my users got an email supposedly from Suntrust which advised the user to go to otherwise their creditcard or account would be suspended. The url of actually went to This is a computer in Japan running Redhat Linux.
Of course this is garden variety phishing. What I found interesting is that even on a fully patched version of Internet Explorer the real location is hidden from the user.
At this website, right clicking is prevented in IE. The addressbar displays a https:// suntrust url. The lock is missing down in the status bar.