Interesting read in CSO magazine. Link here via beSpacific (which also has other related articles on the subject).
In this article, the bank profiled has a fine-tuned system where it gets rapid notification of a new phishing attack, and then starts the process of getting the server shutdown.
There is also a hint that the bank may use “dilution”, a polite term for something bordering on a denial of service attack — putting in fake account information below the threshold of an illegal DOS—something like what you see with PhishFighting.com.
Alex Eckelberry