One aspect of phishing attacks that no one (at least I haven't seen) has addressed is to respond back.
We all receive the emails, presumably a very small percentage of people respond back with corresponding numbers (DOB, paypal account, SS#, address, etc.) and then spend the next few years of their lives trying to claw their way out of debtors prison.
Instead, when you receive the email, respond back. It would seem to me (much like the way a denial of service attacks works) if as soon as people received the phishing email we all enmass responded back. Because while you could automate the entry of username/passwords into a site (if it doesn't use an image picture), automating the stealing of money from your paypal account wouldn't work.
But since most phishing scams target credit cards numbers, maybe at the end of the day a vendor who keeps receiving a number of false numbers via an individual would raise the alarms. At any rate I would think it would frustrate these people lives a little if they received a 1000-fold increase in their inbound traffic. We've made their job too easy by filtering for them.
So repond back? Of course with completely wrong information, might save the person who puts in their correct info.
Almost like the guy who bragged about his spamming company, until bloggers posted his address and signed him up for every catalog offer, etc. known to mankind.