Interesting read in CSO magazine.  Link here via beSpacific (which also has other related articles on the subject).

In this article, the bank profiled has a fine-tuned system where it gets rapid notification of a new phishing attack, and then starts the process of getting the server shutdown.

There is also a hint that the bank may use “dilution”, a polite term for something bordering on a denial of service attack — putting in fake account information below the threshold of an illegal DOS—something like what you see with PhishFighting.com.

Alex Eckelberry