I just got home, opened up my pretty damned secure IE8 and got this:
Pic
From what I can tell, it's legit. Anyone else get this? Is there any way to tell how the hell they did this and how I can stop it from *ever* happening again (excluding their "initial communication")?