Here's an example phish that arrived today:
The clickable link, wants to go to a formlogin.txt, as you can see below, yep... that's a dot txt extension !
Here's the interesting bit of the formlogin.txt file, yep... if you'd typed in your banking details, you'd be now sending them to the nice phisher, who seems to like his 007 yahoo address:
Here's the timestamps when all the fake files were created, as you can see, if you look back at the time/date of the original phishing email, the emails were sent out to people very quickly :(
And finally... here's the web gateway that was used to send the banking details to the yahoo email adress: