Another forum I frequent has today seen an attack where a new user posted a seemingly valid thread with a link to show his problem. When you clicked on this link, it displayed a page identical to the standard forum, requesting that you log in again, attempting to trick the user into thinking they had been logged out. If you entered a user/password and hit Enter, it took you back to the genuine forum start page. Needless to say, if you did check the URL it was not the correct one, but I wonder how many folks actually always check this at login time. Not sure if they wanted to hijack the forum in some way or merely harvest user/password combinations, which may have been used for, say, a banking application or the like.
Stuart