You know when you log in and then get redirected to a login anyway? This makes people less likely to notice phishing in case of account enumeration.
Find which e-mails are used, send an e-mail asking to log in for a BS reason, collect password in fake form, redirect to real login.