Here is another example of a phishing attack, from SANS Internet Diary – although I am not sure the average user will know what to do with an ISO file? The attack is interesting as it uses Base 64 to obscure it from detection.
Malicious ISO Embedded in an HTML Page – SANS Internet Storm Centre