Wow. Yeah that's genius. It would definitely catch me as I just visit the domain to see if it's legit and don't think about redirects. e.g. gogle.com -> google.com
Nothing new. I used to create fake, for example, myspace login pages, host them somewhere, harvest the credentials then redirect back to myspace.com login
I used to do that too!! I wasn't malicious enough to do anything with them so I would just login to random accounts and poke around and occasionally show my friends by logging into the accounts of people we knew.
