HTTPS protects the transactions, but it does not protect from a trap. It is no effort to setup an HTTPS connection that looks like the real thing.
I know everybody gets fed up being repeated the same thing over and over again, but there is ONE and only ONE protection against those emails: NEVER, EVER click on a link in an email that you were not immediately expecting. It is OK to react to an email from amazon right after you pass a command, but even emails from your friends may be coming from high-jacker who just fooled your friends with a "Microsoft is closing unused hotmail accounts. Please click here to confirm you are still using your hotmail account" bla bla bla!
