It's beautifully executed: a plausible looking URL leading to an official looking page, where first you have to fill in a few idiotic survey questions -- and then provide not only you credit card number, but also the CVV verification code, full name, mothers maiden name, and your SSN. I think they take it a bit far by asking for PIN -- surely no one would be stupid enough to type that in as well as everything else?
Of course, a swift whois on reward-program-2.us turns up a name, address and phone number of someone living in Arkansas. Maybe this is faked (the details of another victim of identity theft?), or maybe this initially smart looking phisher is actually dumb enough to have allowed their real details to show up in the DNS registry (maybe not, the address is in Arkansas but the phone number is in Florida?). Oops. I can't be bothered to call the FBI though, hopefully someone else will. Or call yahoo, who registered the domain this morning (13.44 GMT to be precise), and get them to yank it.