This article presents a technique for investigating phishing scams. While most anti-phishing efforts focus on preventative measures, or reactive investigation techniques that are not specific to the domain of phishing, this technique applies the concepts of honeytokens and web bugs in a way that may reveal previously unknown information about the phisher. The objective of this work is to develop new ways of addressing phishing scams by exploiting vulnerabilities in the tools and methods used by the phishers. A review of phishing and current anti-phishing techniques is included, along with an introduction to honeytokens and web bugs. The technique is presented with preliminary data to demonstrate promise of the concept.