WaPo’s new security blog finds a Firefox flaw

The Washington Post has just rolled out a new blog, Security Fix. In one of the first posts, Brian Krebs describes an e-mail he received recently, which was forwarded by someone who was concerned about phishing scams:

The phishing e-mail my contact sent tried to hijack my computer in addition to directing my browser to a Web site designed to look like it was operated by a small British bank. After I got done yelling at him for sending this little nastygram without warning me, I got to looking at it a bit more closely.

In this particular phishing scam, simply clicking anywhere in the HTML e-mail caused my Firefox browser to begin downloading a file while the fake site loaded in the background. Needless to say, I killed the download immediately.

I wish Brian had provided more details, but in any event this doesn’t sound like a good thing.

Oh, and kudos to the WaPo for putting the full text of this blog in their RSS feed.

One thought on “WaPo’s new security blog finds a Firefox flaw”

  1. If I had to guess, seeing how it was an HTML e-mail, could it be that there was a graphic (like a GIF or JPEG) screenshot of a real e-mail embedded in the e-mail itself, with a link set to the entire picture? If done “right”, in theory no one could notice the difference unless they have images or HTML turned off. Thus, when you click on the content in the e-mail, since it is one giant picture, it could just launch the link (which is exactly how every e-mail client is designed btw).

    The only way around it would be to attempt to highlight the text to see if it was really text or a picture.

    Anyways, that is my guess as to what happened. I have no clue how you could design any e-mail client to block a scam like that.
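
The commenter's guess (one big linked picture standing in for the message text) is something a mail filter can actually look for, even though a human reader cannot easily tell a picture from text. The following scanner is an added example, not code from the Post's blog or from the commenter: it parses an HTML body with Python's standard-library HTMLParser, counts how much real text is present versus how many images there are, and flags the "image-only body where every image is wrapped in a link" pattern. The two HTML bodies and the `example.invalid` / `example.com` addresses are constructed for the demonstration, and the 40-character text threshold is an arbitrary assumption to tune for your own mail.

```python
from html.parser import HTMLParser


class ImageLinkScanner(HTMLParser):
    """Walks an HTML body and records visible text, images, and which
    images sit inside an <a href> element (i.e. are clickable)."""

    def __init__(self):
        super().__init__()
        self.text_chars = 0        # non-whitespace characters of visible text
        self.images = 0            # total <img> elements seen
        self.linked_images = 0     # <img> elements nested inside an <a>
        self.link_targets = []     # href values, useful for later reputation checks
        self._anchor_depth = 0     # >0 while inside an <a> element
        self._skip_depth = 0       # >0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ("script", "style"):
            self._skip_depth += 1
        elif tag == "a":
            self._anchor_depth += 1
            if attrs.get("href"):
                self.link_targets.append(attrs["href"])
        elif tag == "img":
            # <img> is a void element; HTMLParser routes it through
            # handle_starttag (and handle_endtag) via handle_startendtag.
            self.images += 1
            if self._anchor_depth > 0:
                self.linked_images += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip_depth:
            self._skip_depth -= 1
        elif tag == "a" and self._anchor_depth:
            self._anchor_depth -= 1

    def handle_data(self, data):
        # Script and style contents are not visible text.
        if not self._skip_depth:
            self.text_chars += len(data.strip())


def assess(html, min_text_chars=40):
    """Return counters plus two verdicts: image_only (pictures but almost no
    text) and suspicious (image_only and every picture is clickable), which
    is exactly the 'screenshot with a link on it' pattern."""
    scanner = ImageLinkScanner()
    scanner.feed(html)
    scanner.close()
    image_only = scanner.images > 0 and scanner.text_chars < min_text_chars
    suspicious = image_only and scanner.linked_images == scanner.images
    return {
        "text_chars": scanner.text_chars,
        "images": scanner.images,
        "linked_images": scanner.linked_images,
        "link_targets": scanner.link_targets,
        "image_only": image_only,
        "suspicious": suspicious,
    }


# Constructed sample: a single screenshot image with a link covering it.
IMAGE_ONLY_SAMPLE = """<html><body>
<a href="http://login-check.example.invalid/"><img src="cid:screenshot" width="600" height="400"></a>
</body></html>"""

# Constructed sample: ordinary message with real text and a linked logo.
NORMAL_SAMPLE = """<html><body>
<p>Hello, here is the monthly statement summary you asked for. Your balance
and recent transactions are listed in the attached PDF.</p>
<a href="https://www.example.com/"><img src="cid:logo" alt="logo"></a>
</body></html>"""


if __name__ == "__main__":
    for name, body in (("image-only", IMAGE_ONLY_SAMPLE), ("normal", NORMAL_SAMPLE)):
        print(name, assess(body))
```

The verdict is deliberately a heuristic: legitimate marketing mail is often image-only too, so in practice this signal would be combined with others (sender reputation, where the link points) rather than used to drop mail outright. Its value is that it catches precisely the case the commenter says a human cannot spot without highlighting the text.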
