I will openly admit
to be one of those people that opens attachtments (after taking some precautions) because i like to respond to the phising attempt with "real" details.
So if i get a "your Paypal account is locked" email, i will happily fill it in with real but false data.
Credit card number to pass the LUHN test are readily available from dark coding, a bank sort code is easily invented, as is an account number. A plausable name and address doesnt take much imagination to conjour up.
They must spend hours typing in the details just hoping that they made a small error inputting the data.
If all of us with the know-how did this, phishing attacks would not be worth the effort as they would drown under the deluge of seemingly real data.