I have seen one phishing site which did exactly that- It tried to login to the real site with the credentials you supplied; if it returned a successful login, the userid/password was logged. If it returned a 'access denied' the userid/password was not logged.
________________________________________________ Ross Thomson | Capgemini | Southbank Anti-Virus Content Management | Outsourcing Int: 700 3621 | Ext: + 44 (0)870 904 3621 [EMAIL PROTECTED] | www.capgemini.com 95-97 Wandsworth Road, London. SW8 2HG Join the Collaborative Business Experience ________________________________________________ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jasper Bryant-Greene Sent: 31 March 2006 09:11 To: Marcos Agüero Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] [HV-PAPER] Anti-Phishing Tips You Should NotFollow Marcos Agüero wrote: > Michal Zalewski escribió: >> On Fri, 31 Mar 2006 [EMAIL PROTECTED] wrote: >> >>> If the website then presents you with the "Logon failed" page, you >>> are possibly on a legitimate website, so you may proceed with >>> logging in using your correct credentials. If it gets you right >>> through - it is definitely a phishing attempt. >> Note to self: design my next phishing website to always display >> "logon failed". > Just as most of the phishing sites already do. Really? I thought they somehow magically knew enough about you to sign you in properly and display all the correct details ;) Seriously though, it wouldn't be that hard to forward the POST on to the real bank website, would it? -- Jasper Bryant-Greene General Manager Album Limited http://www.album.co.nz/ 0800 4 ALBUM [EMAIL PROTECTED] 021 708 334 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/