Missing information
The article fails to mention how a user activates the script, which requires that a user get tricked into clicking on an email link or a web link. It would be nice for a change to see the articles provide advice on how not to get phished. The demo page has good advice in this respect, especially to bookmark the right web site. After reading the anti-phishing advice given by over 60 banks and never seeing the word bookmark or add to favorites, it is nice to see that the demo page has accurate advice. Let's get the focus off how to recognize phishing attacks and tell people how to not get phished. Bookmark the legitimate address for the bank and never use any other means of geting to the web site and you will not get phished. Focus on Real, not on Fake!!