Hybrid Spoof Sites - AOL and eBay
Most phishing sites replicate the login pages from financial institutions or ecommerce sites... not much creativity there. But we are starting to see more hybrid and creative spoof sites. Here's a combination eBay/AOL spoof that showed up in my inbox the other day...

The email told me that a bid I'd made on eBay was being cancelled and that I needed to log in again to re-enable my bid.
The spoof site asks for my "AOL Email Password" and some other information, but none of it is especially dangerous. I don't have an AOL account. Even if I gave them my password, zip code, and birth date, they still wouldn't have my name, AOL screen name, or anything else of real value. I sent some bogus data to the phisher and was redirected to an actual eBay auction - no two-step phishing site here. Why wouldn't the phishers ask for more valuable information? Could this be a phishing experiment? Perhaps the next iteration of this attack will be sent only to AOL users and the AOL screen name will be embedded in the URL (or form) so the phisher can connect that to the password.