http://www.honeynet.org/papers/phishing/
"Ddraws on data collected by the German Honeynet Project and UK Honeynet Project and focuses on picking apart real world incidents to discern the tactics of phishing fraudsters. The findings come from monitoring a network of PCs deliberately left open to attack. What emerged from the study is the most detailed technical description of the modus-operandi of phishing attacks we've seen to date. It also discovered that lax security practices by consumers and small business are giving fraudsters a base from which to launch attacks."