On Fri, 1 May 2009, Adam Katz wrote:

John Hardin wrote:
How would the phisher collect the password info from their target using a forged sender address?

A web form.

Hrm. Okay, I'll buy that. If you're going to spearfish a specific organization then it would be reasonable to put the effort into forging a password capture website that looks plausible.

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Ignorance doesn't make stuff not exist.               -- Bucky Katt
-----------------------------------------------------------------------
 7 days until the 64th anniversary of VE day

Reply via email to