This is a theory, and before you flame: THIS HAS NOT been tested, as it's a theory.
The idea!
The idea is to create a phishing site that actually works. Yes, I said works.
What do I mean by work?
What I mean is a site that actually checks whether an account exists or not, then forwards them to the real page, but in between copies their username and password.
How to?
A phishing site is the easy part; the real problem comes when we redirect the user, or rather, check when the user enters his login details.
I've worked out the steps, and the order that must happen.
Order!
Get user to the site
Make them feel secure
Enter login details
Checking their details (and make sure it checks against both EU and US)
If correct, save; else redirect with an error query string or something like that.
And last, redirect them to the real site.
Most of these steps are easy to do; what is needed and WILL need some serious thinking and planning is the user detail check.
Please, ONLY constructive criticism.
Thanks for reading!