Anti-phishing Working Group January report is now available.
The report notes that January 2006 was a record month not only for number of reports, but also a record month for unique phishing websites, and also for "unique" password stealing applications.
Please download the PDF report and have a read - knowledge is the best defence.
Even if you *know* that a site is a phishing site, and even if you have absolutely no intention of handing over sensitive personal information, don't go there.
Let's consider the createTextRange vulnerability which is not yet patched. Since disclosure of the existence of the vulnerability, and the publication of "proof of concept" pages, there have been a few sites discovered that try to take advantage of the vulnerability. I don't know if the discovered sites are phishing sites, but there is no reason to dismiss the possibility. It doesn't matter how good your antivirus is, or how up to date you are with patches, if there is an unpatched vulnerability around, the bad guys will try to use it so don't take the risk of checking out phishing sites purely to satisfy curiosity.