One I rarely have, as it deals with Gaia.
Long ago I was horridly obsessed with the site and everything about it, but times have changed.
Anyhoo,
Why is the idea of phishing all done with FLP/FMP/FLW/ETC, and based on the site itself?
Phishing in the day and age we are in requires ingenuity, and usually a lot of work to start.
Sure, you may get random noobs with 100k max gold who would fall for promises of items and the like, but that's not what we should be aiming at.
The big accounts, the ones with millions, have the same chance to be phished as a noob does, you just have to make it that much better of a lie.
Say for instance, the one who runs the phisher creates a website based on the target site.
Said website becomes popular, not because of false promises, but what it actually can offer.
Database-ing, strategies, advice, tips, fun facts, the like.
Records upon records of how items have fluctuated over time.
I know many users, new and veteran alike, would have use for such a site.
After making it successful, the phisher updates the site, purposefully, bringing it into a new type of format with integration of the target itself.
That integration is wherein lies the potential.
For instance, in all likelihood, if a site is well reputed and does not seem to have an ulterior motive, it is trusted easier.
People dislike using different passwords for different things.
Say for instance that the site brings in a new feature in this update that allows a user to use their own information from their Gaia account to further the functionality of either the phishing or target site.
With the site already trusted, many users would have no issue providing something as simple as a username, and an email.
With that information, and with the hope that the password between the two sites is the same, one could theoretically use the information supplied to attempt an attack upon their account of the target site.
In example. Say I start a site that records, archives, and predicts trends in the Gaian economy. While the records and whatnot would be useful for one visit, the thing that would keep these users coming back is the predictions. In order to make it worth their while, you need to be right a good percentage of the time. Predicting trends in item fluctuation could give the user of the site an advantage over others, allowing them a probability of what will increase in price, and what will drop. Keeping the user coming back and finding the site an actual use is what would give the site potential to be used for phishing, as it would eventually be trusted. I update the site, to allow users to track their own marketplace strategy, and see when they could have made a better profit, and to congratulate them when they chose a good time to sell. All this requires is access to their marketplace buying and selling logs. Whether this information is public or not, being trusted would give the site the benefit of the doubt, and people would use it. The amount of work required to set such a thing up would be phenomenal, but the potential pay-off would be exponentially larger.
The general idea is to phish by playing on their trust, rather than tricking them. It would take several months, if not years to set up and successfully bring about into existence, unless you can somehow magically create a site and have people using it from the start constantly. And who knows, you could possibly even bring about the trust of staff.
Doing so would require a lot of things.
Time, effort, money, patience, skill, and a good amount of acting.
But, in exchange for millions upon millions of gold, would it not be worth it?
Just a thought. Feel free to do with it what you may. I am fully aware something similar has been done before for other sites, and that something similar has been said before.
I myself created a proof of concept of the idea years ago, under the guise of a careers based help site. It was successful in its trial run, which was an experiment done with 20 users. 12 of those users provided their information, and the passwords matched. I know it was possible then, and I believe it possible now, especially if it is taken into greater detail on a larger scale.
Thread: A thought, regarding phishing.
- 08 May. 2013 03:59am #1
- 08 May. 2013 05:00am #2
tl;dr please
- 08 May. 2013 02:10pm #3
I believe the bigger accounts with millions is more of a social engineering tactic, though it may take a week to a month to actually get the person to do what you want them to do (FLP/download something without them knowing) it will end up working if you have the most up to date programs. And with all honesty it doesn't take a year to gain someone's trust, if you roam the towns and find some people doing some role playing stuff and actually role play with them you can gain their trust quite quickly as I have seen people become friends very fast and they are not so well knowing of FLP's and maybe some other things you may use.