Phishing with Google

Well, still no response from google about the security flaw, so I’ve added in another more interesting example, this one replaces the google page with a simple form telling the user that google is now a subscription service and asking for their credit card details, then upon submission the info goes to my site, before returning the user to google with a thankyou - only works in windows IE (inserting dynamic script elements is easiest there) For those of you without IE, this is what it looks like:

Screenshot of Google Phishing Exploit

I think this sort of phishing would likely result in a large takeup. Hopefully google will start listening soon, this time I’ve posted to bugtraq too.


  1. Francesco Says:

    Sei stato grande!!! very, very good!!!

  2. Amir Says:

    gmail is crap as you can’t get an account beacuse nobody would send me an invertation and people ceep on breaking into my account wiht i have made one wiht yahoo but it is horrable. i have been waiting ot get an account for two years!!!