I already talked about OpenID (here or here). OpenID is a web-based solution which provides single sign-on to other websites: once authenticated via a “provider”, you are able to use a lot of services (websites) via “consumers”. This system is very user-friendly but is also a good target for phishers! Why?
A lot of commercial or financial websites are victims of phishing attacks. Today, there is a business behind malicious activities. You have money or personal data, which also have a price on the underground market (SS#, CC#, …).
As more and more services are compatible with OpenID, the risks of phishing attacks are much more critical. If you lose your OpenID credentials, you’re potentially vulnerable on *ALL* the compatible websites! Marc Oslot wrote a good paper about OpenID phishing: Beginner’s guide to OpenID phishing.