Phishing with Google
Tuesday, October 19th, 2004Well, still no response from google about the security flaw, so I’ve added in another more interesting example, this one replaces the google page with a simple form telling the user that google is now a subscription service and asking for their credit card details, then upon submission the info goes to my site, before returning the user to google with a thankyou - only works in windows IE (inserting dynamic script elements is easiest there) For those of you without IE, this is what it looks like:
I think this sort of phishing would likely result in a large takeup. Hopefully google will start listening soon, this time I’ve posted to bugtraq too.