The problem with phishing filters is that they analyse the page to detect a fraudulent site (ignoring URL-scanning, which most of them do as well; but I reckon many people will turn that off due to privacy concerns).
There’s now been reports of phishing sites using Flash page to simulate a web page, in order to get past the filters.
Unfortunately, flash files are very hard to scan for suspicious content, the data presented to the browser (or the flash plugin at least) is too low-level – basically just a bunch of “draw a line from (x1,y1) to (x2, y2)” whereas HTML is at least “draw an input box”-style instructions.
I guess it just goes to show that whatever we try to do, the spammers will always be one step ahead. Anyway, it’s another reason to have a Flash blocking plugin installed on your browser :)