Receptional_Andy - 7:55 pm on Oct 29, 2008 (gmt 0)

What's quite unusual about this attack is that it's been well-planned - they have a whole slew of domain names to use, and have clearly picked hosting that is unlikely to be immediately switched off quickly. Often with phishing, the sites have been switched off by the time most people receive emails, but that's not the case here.

Enom have a warning on their homepage about this, now, incidentally, although they only mention the "inaccurate WHOIS" email.