It is possible to construct a malicious link to the login page containing a service URL which redirects the user to a phishing form which looks just like the login form. If the user is unaware of the URL, they might give their credentials away thinking their session just timed out.
It is possible to construct a malicious link to the login page containing a service URL which redirects the user to a phishing form which looks just like the login form. If the user is unaware of the URL, they might give their credentials away thinking their session just timed out.