Schmaaaaa

I received a piece of spam "from" Amazon indicating that I should update my credit card number or I would have my account deleted. The email was quite interesting as it was professional-looking but it was obviously a scam. More interesting was the link (it's a phishing link, do not consider it to be the real deal): http://www.amazon.com/gp/subs/primeclub/account/homepage.html/ref=ya_hp_sub_1/104-4436503-7329515?ie=UTF8&method=GET

You'll notice that the website it actually goes to is: http://www.cebessemans.be/.online/www.amazon.com/flex/sign-out.html/2Fhomepage=protocol=httpsaction=sign-out/exec.php?cmd=sign-in
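The mismatch described above, a link that displays one host while its target is another, can be checked mechanically in an HTML email body. The following Python sketch is an added example, not code from the phishing kit or from the original post; the function names and the `www.`-in-path heuristic are assumptions made for illustration, and the sample anchor is constructed from the two URLs quoted above.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: the real destination from the post as href, the displayed
# Amazon URL (shortened) as the visible link text.
SAMPLE = ('<a href="http://www.cebessemans.be/.online/www.amazon.com/flex/'
          'sign-out.html/2Fhomepage=protocol=httpsaction=sign-out/exec.php?cmd=sign-in">'
          'http://www.amazon.com/gp/subs/primeclub/account/homepage.html</a>')

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    """Lower-cased hostname of a URL, or '' when it has none."""
    return (urlsplit(url).hostname or "").lower()

def find_deceptive_links(html):
    """Flag anchors whose text shows one host while the href uses another,
    and hrefs that carry a www.* hostname as a path segment (heuristic)."""
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        real = host(href)
        shown = host(text) if "://" in text else ""
        if shown and shown != real:
            findings.append(("text-href-mismatch", shown, real))
        for seg in urlsplit(href).path.lower().split("/"):
            if seg.startswith("www.") and seg != real:
                findings.append(("host-in-path", seg, real))
    return findings

print(find_deceptive_links(SAMPLE))
```

Both findings fire on the sample: the visible text names www.amazon.com while the href resolves to www.cebessemans.be, and the Amazon hostname appears only as a directory name in the path.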

Exploring further, you run into http://www.cebessemans.be/.online/bilaama.tar.gz, which has a file (exec.php) containing an email address, bila_din_nou@yahoo.com, to which the credit card numbers are emailed. Fairly straightforward setup that should be easy to whip up. What's interesting is the lengths the phisher has gone to in order to replicate the look and feel. If you look at exec.php you'll notice that there is basic credit card validation (through the CCV) as well as other small checks, all meant to convince the user that it is actually the real deal.

I have contacted the website admin and he (Marc) should be deleting the folder shortly.