webmail security

Today at work, I accidentally overheard a co-workers phone conversation. He was telling somebody that he needed to hack someones hotmail account. He said he searched some forums and found some ways to send an email with a link, and if the receipent clicks that link, the account password would be sent to him. He said that it was easier to hack gmail or yahoo accounts, but that he finally find a way for hotmail and that he was testing it to see if it worked.

Gladly I don't click links in my email, so I'm not to worried about this, but is such a method possible?

 

It's simply phishing. Send a link to the victim > the victim clicks the link > the victim enters his/her user ID/password, done.

 

Yeah, I thought so, but is there a way that doesn't require the victim to enter ID/password?

 

XSS could be an option.

 

Saw it working today, you were right...good old fashioned phishing

 

Nothing high-tech, eh?