On Fri, 1 May 2009, Adam Katz wrote:
John Hardin wrote:
How would the phisher collect the password info from their target using
a forged sender address?
A web form.
Hrm. Okay, I'll buy that. If you're going to spearfish a specific
organization then it would be reasonable to put the effort into forging a
password capture website that looks plausible.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Ignorance doesn't make stuff not exist. -- Bucky Katt
-----------------------------------------------------------------------
7 days until the 64th anniversary of VE day
