This paper [PDF] covers the technologies and security flaws phishers exploit to conduct their attacks, and provides detailed vendor-neutral advice on what organisations can do to prevent future attacks. Security professionals and customers can use this comprehensive analysis to
arm themselves against the next phishing scam to reach their in-tray.

http://www.ngssoftware.com/papers/NISR-WP-Phishing.pdf

Urs