YouTube.com has a number of videos teaching visitors how to set up a phishing site. This one copies PayPal.
One of them, called "How to Maker a Phisher (fake login site)", is a step-by-step video showing exactly how to make a fake PayPal site and how to collect the data.
But there's just one small cock up.
The demonstrator first goes to the real PayPal site, copies the code and then makes a copy website which looks exactly like the real thing but, when a user completes the login, the data is stored in a "flat file" (that's a text file instead of a database).
The demonstrator shows exactly how to edit PayPal's original code so that when a user completes the login he is taken immediately to the real login page at the real PayPal site.
It's not very original and it's not very clever. And arguably, it shouldn't be allowed.
But in truth, there's nothing new in any of what he does, and the bad guys know this and much more. But for those who are not very techie-minded, it does open the opportunity for someone sitting in an internet cafe to set up a phishing site in about five minutes, and then collect the data from anywhere later. All you need is some hosting space somewhere.
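A defender's view of the clone described above, as an added example (not code from the video or from PayPal): it flags any page whose password form is served from, or submits to, a host outside the brand's own domain. The allowed-host list, URLs and HTML samples are constructed for illustration, and it assumes the copy's form submits to the copy's own host.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

BRAND_HOSTS = ("paypal.com",)  # assumption: domains the brand serves logins from

class LoginFormFinder(HTMLParser):
    """Record the action of every <form> that contains a password input."""
    def __init__(self):
        super().__init__()
        self.actions = []
        self._action = None  # action of the form currently open, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action = a.get("action") or ""
        elif (tag == "input" and self._action is not None
              and (a.get("type") or "").lower() == "password"
              and self._action not in self.actions):
            self.actions.append(self._action)

    def handle_endtag(self, tag):
        if tag == "form":
            self._action = None

def is_brand_host(host):
    """True only for the brand domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == b or host.endswith("." + b) for b in BRAND_HOSTS)

def audit_page(page_url, html):
    """Return one finding per password form not served from and posting to the brand."""
    finder = LoginFormFinder()
    finder.feed(html)
    served = urlsplit(page_url).hostname
    findings = []
    for action in finder.actions:
        target = urljoin(page_url, action)  # an empty action posts back to the page
        posts_to = urlsplit(target).hostname
        if not (is_brand_host(served) and is_brand_host(posts_to)):
            findings.append({"served_from": served, "posts_to": posts_to, "target": target})
    return findings

# Constructed samples: a genuine-looking page and a copy hosted elsewhere.
REAL_URL = "https://www.paypal.com/signin"
REAL_HTML = '<form action="/signin"><input name="email"><input type="password"></form>'
CLONE_URL = "http://hosting.example/pp/index.html"
CLONE_HTML = '<form action="collect"><input name="email"><input type="PASSWORD" /></form>'

if __name__ == "__main__":
    print(audit_page(REAL_URL, REAL_HTML))
    print(audit_page(CLONE_URL, CLONE_HTML))
```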
But there is something extremely amusing about the video. The demonstrator appears to be a PayPal user and he has logged into the real PayPal. When he visits the site, what appears to be his login name, i.e. his e-mail address, appears. This happens when a browser has been told to remember login info.
In this case, it's sharonandmartin@msn.com.
The presenter has an obviously southern English accent.
There you go, PayPal. Don't say we never do anything for you.
Off you go, then.