Financial institutions are probably the biggest targets for phishing campaigns. It would definitely be nice if the CA/B Forum could come up with a set of rules that define “high-risk” domains and how CAs should handle such cases, but without those rules this is probably the best option for now.