Phishing websites usually have a very short life span. They appear and disappear very quickly as administrators take them off-line as soon as they are reported.
It is relatively rare that the phisher, presumably by mistake, allows public directory listing on the compromised host. This omission happened in a phishing attack targeting the Italian Postal bank today. Curiously, I was able to access a plain text file containing details of all credentials entered by the site visitors.
The file contained less than 20 entries before the host was taken off-line with entries reflecting the fact that visitors knew this was a phishing website. I identified only one genuine entry and I am trying to contact the user to inform him that his details were stolen. The question is, should one log into the compromised account "pro-actively" and change the password preventing phishers from stealing money?
At the moment, there is a large number of phishing attack targeting the Italian Postal bank, which does not surprise me as the level of their internet banking security is low. Only a username and password are required to login, which is ideal if one wishes to become a phishing target. Hopefully, the sheer number of attacks will force the bank to improve its authentication mechanism.