26 Aug
2005
26 Aug
'05
8:08 a.m.
Though, throwing a nice "Change your password NOW plzkthxbye." would be appropriate in a trigger to clicking a link off the site.
On undernet if we detect them coming from a phishing site, we just change their password to something they don't know. Then they have to go through the forgotten password procedure. We also have several "dummy" accounts that when we detect phishing we "login" as. Then when the dummy accounts turn up being used on our site we can use that to figure out which other accounts have been lost.