The ISC handler has a good diary entry today on some phishing he’s seen.
I got one yesterday regarding Chase. I have a Chase credit card and it was sent to the correct email address that is listed with that card. It looked very legit. It said that as someone had accessed my account from two IPs, they needed me to visit the website to verify that my account hadn’t been 0wned. I often access from both work and home so it sounded plausible.
The link for the phishing is aweber, which appears to be a real company at first glance. I was thinking of calling Chase to ask for verification; instead I went to the real Chase and read their policy of never sending out emails like this. I also noticed the mail headers came from a .ch TLD. I submitted the URL to Websense. I couldn’t find any abuse address for aweber. (Plus I’m accessing email through my ISP’s webmail and they aren’t giving me a good way to get the email in “raw” format, which makes it harder to report abuse.)