So we are doing a quick and standard “I need to be seen” if condition and
then calling our onload function, which opens up phish.html.
Our phish.html will look a lot like our forward e-mail we sent earlier, and so
we will create the forms that allow the victim to log in, but instead of doing a
POST that logs the victim into the site, we will just be kind and thank the
victim. Our simple code looks like this:
<html>
<head><title>Bank of Phishing - Please Log in</title></head>
<body bgcolor=white>
<img src="http://bank.securescience.net/bank/images/key.gif"
width="66" height="41" align="middle" alt="Key to Security">
<P>
<form method="GET" action="cgi/Thanks.cgi"> ...
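Seen from the defending side, the fragment above has two traits that a scanner can check on a captured page: the image is hotlinked from the bank's host while the form submits to a different one, and the form uses GET where the text says the real login does a POST. The Python below is an added example, not code from the original text; the serving URL phish.example.test and the names FormAudit and audit are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample: the fragment shown above, closed off so it parses, as if
# served from a hypothetical host (phish.example.test is an assumption).
PAGE_URL = "http://phish.example.test/phish.html"
SAMPLE = """<html>
<head><title>Bank of Phishing - Please Log in</title></head>
<body bgcolor=white>
<img src="http://bank.securescience.net/bank/images/key.gif"
width="66" height="41" align="middle" alt="Key to Security">
<P>
<form method="GET" action="cgi/Thanks.cgi">
</form></body></html>"""


class FormAudit(HTMLParser):
    """Collect the hosts of embedded images and each form's method/target."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.image_hosts = set()
        self.forms = []  # (METHOD, absolute action URL)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img" and a.get("src"):
            host = urlparse(urljoin(self.page_url, a["src"])).hostname
            if host:  # skip data: and other host-less sources
                self.image_hosts.add(host)
        elif tag == "form":
            # Relative actions resolve against the page; a missing method means GET.
            action = urljoin(self.page_url, a.get("action") or "")
            self.forms.append(((a.get("method") or "get").upper(), action))


def audit(html, page_url):
    """Return (rule, host, form action) findings for one captured page."""
    p = FormAudit(page_url)
    p.feed(html)
    foreign = sorted(p.image_hosts - {urlparse(page_url).hostname})
    findings = []
    for method, action in p.forms:
        target = urlparse(action).hostname
        # Branding pulled from one host, form data delivered to another.
        findings += [("brand-mismatch", h, action) for h in foreign if h != target]
        if method == "GET":  # form fields travel in the query string
            findings.append(("get-form", target, action))
    return findings
```

Either finding alone is weak evidence, since legitimate pages also load images from other hosts and use GET for search forms; together on a page titled as a login they are worth an analyst's look.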