I thought about this for a second, and what it does do is take an "offline" phishing attack and make it an "online" phishing attack that presumably has logs and can be throttled.