I have gotten two phishing attempts so far today, one of which was quite convincing-looking: it appeared in full PayPal livery.
That leads me to wonder why secure sites don’t clamp down on the use of their images with some rudimentary checking of HTTP_REFERER values: for phishers who are so lazy as to link to the images at PayPal or eBay, have the server return a big skull and crossbones image with FRAUD in big letters under it.
Of course, some will simply copy the images to their own server and negate the effectiveness of that, but it might cut down on the risk for some intended victims.
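
The check proposed above, sketched as a small WSGI handler. This is an added example, not code from the original post; the host `example-bank.test`, the placeholder image bytes and the function names are assumptions. It also handles requests that send no Referer at all and hosts that merely contain the site's name.

```python
from urllib.parse import urlsplit

# Assumptions for this sketch: the site's own host and stand-in image bytes.
ALLOWED_HOSTS = ("example-bank.test",)
REAL_IMAGE = b"REAL-LOGO-BYTES"         # constructed placeholder
WARNING_IMAGE = b"FRAUD-WARNING-BYTES"  # constructed placeholder


def referer_host(referer):
    """Return the lowercase hostname in a Referer value, or None."""
    try:
        host = urlsplit(referer.strip()).hostname
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    return host.rstrip(".").lower() if host else None


def is_own_host(host):
    """Exact match or a true subdomain; a substring match is not enough."""
    return any(host == h or host.endswith("." + h) for h in ALLOWED_HOSTS)


def choose_image(referer):
    """Pick the image body for one request from its Referer header."""
    if referer is None or not referer.strip():
        # Many clients omit Referer; without it nothing can be concluded.
        return REAL_IMAGE
    host = referer_host(referer)
    if host and is_own_host(host):
        return REAL_IMAGE
    # Header present but pointing elsewhere (or unparseable): hotlinked.
    return WARNING_IMAGE


def app(environ, start_response):
    """WSGI entry point; the server exposes the header as HTTP_REFERER."""
    body = choose_image(environ.get("HTTP_REFERER"))
    start_response("200 OK", [
        ("Content-Type", "image/png"),
        ("Content-Length", str(len(body))),
        # Keep caches from handing one visitor's variant to another.
        ("Vary", "Referer"),
        ("Cache-Control", "no-store"),
    ])
    return [body]
```

Serving the real image when the header is absent is a design choice made here so that ordinary visitors whose clients strip Referer are not shown the warning.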