Phishing via Instant Messaging

I just got an IM from a buddy. He told me to go to www(dot)geocities(dot)com(slash)picc_81(slash)index.htm

This appeared to be a Yahoo 360 login page. "Odd," I thought, "Why do I need to login to see a Geocities page? And anyway, aren't I already logged into Yahoo?"

Let's view the source. Oh. It sends the login credentials to a script on www2.fiberbit.net -- looks like it emails them to ggeocitiees@gmail.com

Nice job, phish boy.

I've reported it to PIRT, the Gmail guys, and the Google Safe Browsing folks.

Now to contact my buddy and give him the bad news.