If you haven't read "Why Phishing Works" (850 kb PDF) - written by Rachna Dhamija, J. D. Tygar, and Marti Hearst - stop what you're doing now and go get it...
http://people.deas.harvard.edu/~rachna/papers/why_phishing_works.pdf
Very frustrating... ;-)-Urs
Your company also has a good article on the same subject. http://www.microsoft.com/downloads/details.aspx?FamilyId=B4022C66-99BC-4A30-9ECC-8BDEFCF0501D&displaylang=en