Re entering an incorrect password on the first try: I would expect that a phishing site would take the username and password you entered, log in to the real site and redirect you there so you don't realize you've been phished. Or at least that's they way I would do it if I where cyberscum.

Perhaps they don't bother, knowing that many of the people who fell for the phish wouldn't realize it anyway.

I don't have a source handy, but I seem to recall that most identity theft is committed by family or friends of the victim.
_________________________
- Tom S.

"Never trust and engineer who doesn't carry a pocketknife."