Thursday, December 6, 2007

No phishing in my pond, asshat

I killed my first phishing site today.

It's not my job to do that, but when criminals try defrauding my clients and the people who are supposed to protect them aren't doing their job, don't expect me to sit by and do nothing.

This particular scam was a typical PayPal spoofed email, claiming that such and such charges had been authorized on a person's account-- won't you please click here and log in to dispute the charge? Sadly, some of my clients are naive enough to fall for that trick. They're not computer people-- they just see a page that looks exactly like the PayPal screen they have seen before, and assume it is genuine.

It never occurs to them to study the URL carefully. Or to look the IP address up with a WHOIS service and find the organization that owns that particular range of IP addresses. They wouldn't know about contacting the abuse address and reporting a "Terms of Service" violation.

But I do, and I will.
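
The checks described above (reading the link's real host, then pulling the owning organization and abuse contact out of a WHOIS reply) can be scripted. This is an added example, not part of the original post; the link, organization, addresses and WHOIS text are constructed, and the field names assume ARIN- or RIPE-style output.

```python
import re
from urllib.parse import urlsplit

# Constructed sample data: a link as it might appear in a spoofed email, and an
# ARIN-style WHOIS reply for the documentation range 192.0.2.0/24.
SAMPLE_LINK = "http://www.paypal.com.account-dispute.example.net/cgi-bin/login"
SAMPLE_WHOIS = """\
# constructed WHOIS reply
NetRange:       192.0.2.0 - 192.0.2.255
CIDR:           192.0.2.0/24
OrgName:        Example Hosting Co.
OrgAbuseEmail:  abuse@hosting.example
OrgTechEmail:   noc@hosting.example
"""

def host_matches_brand(url, brand_domain):
    """True only if the URL's host is brand_domain or a subdomain of it."""
    # urlsplit drops any "user@" prefix, so "paypal.com@192.0.2.10" yields the IP.
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    return host == brand_domain or host.endswith("." + brand_domain)

def parse_whois(text):
    """Collect 'Key: value' lines; comment lines (# or %) never match."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z][\w-]*):\s*(.+?)\s*$", line)
        if m:
            fields.setdefault(m.group(1).lower(), []).append(m.group(2))
    return fields

def abuse_report_target(whois_text):
    """Return (organization, network range, abuse address) from a WHOIS reply."""
    f = parse_whois(whois_text)
    org = (f.get("orgname") or f.get("org-name") or f.get("descr") or ["unknown"])[0]
    net = (f.get("cidr") or f.get("netrange") or f.get("inetnum") or ["unknown"])[0]
    # Prefer a dedicated abuse field; otherwise fall back to any abuse@ address.
    abuse = (f.get("orgabuseemail") or f.get("abuse-mailbox") or [None])[0]
    if abuse is None:
        found = re.search(r"\babuse@[\w.-]+\w", whois_text, re.I)
        abuse = found.group(0) if found else None
    return org, net, abuse

if __name__ == "__main__":
    print("link host is paypal.com:", host_matches_brand(SAMPLE_LINK, "paypal.com"))
    print("report to:", abuse_report_target(SAMPLE_WHOIS))
```
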