IE still vulnerable to Phishing

One of my users got an email supposedly from Suntrust which advised the user to go to https://internetbanking.suntrust.com/verify/default.asp otherwise their creditcard or account would be suspended. The url of actually went to http://219.117.228.247/verify. This is a computer in Japan running Redhat Linux.
Of course this is garden variety phishing. What I found interesting is that even on a fully patched version of Internet Explorer the real location is hidden from the user.
At this website, right clicking is prevented in IE. The addressbar displays a https:// suntrust url. The lock is missing down in the status bar.