I received the email below from a friend whose Gmail account had clearly been compromised (followed by an apology email from the same friend).
The email includes a link to sign into Google docs to view a “very important” document. Clicking on the link leads to a somewhat convincing page with login options for a variety of domains/services including Gmail, Yahoo, Windows Live, AOL, and if these are not covered, then any other account. Clicking on any of the icons pops up the grey login box shown in the screenshot below. We define such a page as “greedy phishing” (this is an unofficial definition) as the phishers are not content with only stealing credentials to one site.
The page was stored on a compromised website (frontroom.org.uk) that continued to function as usual while the phishing page ran within the site.