Using google to track phishing attacks

I received a message from (not) my bank “Bank of America” about some recent account activity in (not) my account.

The link leads here:

http://nycompsonline.com/_vti_logs/_vti_logs/onlineest/onlineest/bankofamerica/onlinebankingsitekey/

which lead me to this search, which reveals all sites compromised by this toolkit:

http://www.google.ca/search?q=%22Please+complete+all+of+the+information%22+%22(it+is+the+last+3+or+4+digits+AFTER+the+credit+card+number+in+the+signature+area+of+the+card+)%22&hl=en&client=firefox-a&rls=org.mozilla:en-GB:official&hs=i43&filter=0