ISP phishing

Hi guys. I notice a large increase in recent weeks of ISP directed phishing - largely because of worms moving backward to using the user's own domain for the spam, but not just in the from: address. I believe this started out as a "let's feel this out" or "wow, that worked, let's phish ISP's directly too". I now have several reports that point to this becoming a serious problem. Old with a spark of new, but definitely a problem. Anyone else dealing with this? Gadi.