Originally Posted by dchang1
Agreed...phishers do this for financial gain.
As for forwarding suspected phishing attacks to the actual institution...that's oftentimes not the most useful format for the company to investigate. By saving the message source including all the header information, you are giving alot more information than just hitting forward. The company can then see exactly how the message was sent and the underlying content information in the phish.
You're assuming that we (I) do not already do this when forwarding a phish. And even for those who do not, if the phish is HTML, which most of them are, the "forwarding target security people" can get all the real info they want by 'viewing source' to see the underlying IP targets.
Most every phishing ebay, PayPal and bank header I forward nowadays is so jacked up/faked up as to be useless. But, the
real phishing server is always there to be seen in the email body somehow.