Here's a site with code to phish - but if you try to use it, ends up sending the info back to the people who wrote the code, not you:
http://news.netcraft.com/archives/2008/01/22/mrbrain_stealing_phish_from_fraudsters.html
So what is our government doing about this type of thing?