How about some Fried Phish?

Fried Phish, otherwise known as PIRT (Phishing Incident Reporting and Termination) was officially launched today, as reported by CNET's Joris Evers and this press release. I've been watching this project get ready for its debut and I must say I'm impressed.  Fried Phish is a joint effort of computer security site CastleCops.com and Sunbelt Software. Here's how it works. You get a phishing email but do you know what to do with it?  Besides not click on the links, that is. Now there is an easy way to report a phishing email and a staff of trained volunteers to analyze it, confirm whether or not the phishing site is still alive, and report it to the proper agencies and ISPs.

Now you can go to the PIRT site and follow the instructions on now to report your phish.  There are detailed instructions on how to view the email source (the html code) with different email clients and detailed instructions for how to copy and paste the source and phishing URL into the tool. (Phryer?)

The staff will analyze the email and confirm the phish, notify the appropriate agencies, contact ISPs and do whatever is possible to have the phishing site shut down.  Confirmed phish are posted here.  A topic is posted in the forum by the handler for each phish, as seen here, and a list of terminated phish is here. The Fried Phish forum already has 13 pages of posts.

I suggested they call it Phried Phish, but no one listened... At any rate, I think this is a great community effort.  If anyone is interested, they are recruiting handlers.

Note that phishing is done not only by email -- there are trojans (downloaded in exploits with spyware and adware), that can spawn what looks like a bank site or login window on a user's desktop, monitor keystrokes, thus stealing login data, and email or FTP that data to a remote server.  See Troj/Banker-ER and Troj/Banker-EQ.