I've been noticing a lot of phishing emails lately. It was my belief that in order for them to successfully steal your information, you had to follow their link and sign into whatever page they have.

Some of the "fine folks" offering services for this say all they have to do is get the victim to open the e-mail, nothing more.

What's the truth?

You either login your information to someone's custom built page or simply open their e-mail?

You have to login. Phishing works by getting you to log in to or enter information in a false site. This false site logs all the info and gives it to the phisher. So opening the email does NOT do anything.

i agree,they will have to log in.You can also use the same thing to send and html email pretending to be from your{thier} server and use the click link to get them infected.Not long ago i made a nice one from xxx server,appeared to be the real thing,and a... yeah i included a nice keylogger for the victims to download as a "new virus scanner" feature.Now im in need of a nice online anonymous mailer that let me send attachments{.exe} anybody know of one? private message me ok

I've been noticing a lot of phishing emails lately. It was my belief that in order for them to successfully steal your information, you had to follow their link and sign into whatever page they have.

Some of the "fine folks" offering services for this say all they have to do is get the victim to open the e-mail, nothing more.

What's the truth?

You either login your information to someone's custom built page or simply open their e-mail?

It is possible, but it's not phishing.

First, a definition of phishing. Phishing is the art of using social engineering to obtain sensitive information.

To get into someone's account by them simply opening a link, their webmail service must first be vulnerable to malicious code being injected into emails (without filtering). With that established, an attacker can embed malicious javascript code into an email to you, which sends your cookie data to a remote server, either through an iframe or just a plain javascript redirect. With their cookie information, you can steal their login session and use their account for a limited amount of time.

Which is why it is possible to steal accounts by the victims simply opening an email. Vulnerabilities in the filtering of incoming emails are often the most damaging to a webmail provider, bypassing the usual need for the victim to click a malicious link to put themselves at risk. But as said before, this isn't phishing. Phishing is a very basic and unsuccessful method of obtaining login details; the more successful attacks utilize vulnerabilities in the webmail site itself.

ya i actully made a fake login screen and i made a code with an in****ble link all over my profile and if you clicked anywhere you went steight to it and you would not beleive how many dumb asses fell for it but sadly that code with the in****ble image was patched if you want you can download the fake login screen below and use it for your own use if you want you could just erase all the myspace stuff and make it into a fake login screen for yahoo or hotmail or something or maybe just think of another way on myspace

download link: http://login2myspace2.t*5.com/(new) wdyl 2007 hacking ones myspace username and password.zip

NOTE: THE CODE IN THE FILE FOR THE LINK ABOVE DOES NOT WORK ANY MORE THINK OF A DIFFERENT WAY TO MAKE PEOPLE GET TO YOUR FAKE LOGIN

ps this has a brand new myspace login screen

Hi mike!
I am new to all-nettools and very much impressed by ur skill !!

:)