I fear for the gullible user

I received this email from "Bank of America". It is obviously a phishing attack, but it sounds so legitimate and straightforward that I can easily see lots of people (including some I know) falling for it. Scary, look: even the URL looks real:

Dear Customer:

Recently there have been a large number computer terrorist attacks over our database server. In order to safeguard your account, we require that you update your ATM/Debit card PIN.

This update is requested of you as a precautionary measure against fraud. Please note that we have no particular indications that your details have been compromised in any way.

This process is mandatory, and if not completed within the nearest time your account may be subject to temporary suspension.

Please make sure you have your ATM/Debit card and your login details at hand.

To securely update your ATM/Debit card PIN please go to:

http://www.bankofamerica.com/state.cgi?section=signinpage&update=&cookiecheck=yes&destination=nba/signin

Please note that this update applies to your ATM/Debit card - which is linked directly to your checking account, not credit cards.

Thank you for your prompt attention to this matter !

Regards,

Bank Of America Customer Support

And when you go to it, the URL is: "http://148.217.2.29/~magallanr/cgi/cgi-bin/sso.login.controller/SignIn/"

Scary!
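The trick in this message is that the URL shown to the reader and the URL the link actually opens are different hosts. The following is an added example, not part of the original post, of how a mail filter could flag that: it parses an HTML body, compares the host in each link's visible text with the host in its `href`, and also flags a raw IP address as the target. The HTML in `SAMPLE` is constructed, on the assumption that the e-mail used the bank URL as link text, and the names `LinkCollector`, `host_of`, `is_ip_literal` and `audit_links` are hypothetical.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Hostname (lowercased by urlsplit) of an http(s) URL, or "" otherwise."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # malformed authority, e.g. an unclosed IPv6 bracket
        return ""
    return (parts.hostname or "") if parts.scheme in ("http", "https") else ""

def is_ip_literal(host):
    try:
        return ipaddress.ip_address(host) is not None
    except ValueError:
        return False

def audit_links(html_body):
    """Return (href, text, reasons) for each link that looks deceptive."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        shown, actual = host_of(text), host_of(href)
        checks = {"text-host-mismatch": bool(shown and actual and shown != actual),
                  "ip-literal-host": is_ip_literal(actual)}
        reasons = [name for name, hit in checks.items() if hit]
        if reasons:
            findings.append((href, text, reasons))
    return findings

# Constructed HTML body (assumption: the bank URL was the link text, the IP URL its href).
SAMPLE = ('<a href="http://148.217.2.29/~magallanr/cgi/cgi-bin/sso.login.controller/SignIn/">'
          'http://www.bankofamerica.com/state.cgi?section=signinpage</a>')
```

Calling `audit_links(SAMPLE)` reports the link with both reasons, while a link whose text and target agree, or whose text is not a URL at all, produces no finding.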