Looks like the trick of using redirection CGIs at popular website (described in Phishing with Google) is getting popular among phishers. I just got a couple that uses AOL's redir-complex CGI at:
Note that phishers can use not just the redirecting CGIs, but also those CGIs that use return URL as parameters. In fact, these types of CGIs are popular among financial institutions and single-sign on services. For example, both Passport and 3D-Secure uses them.