Dana got Alex thinking about RSS Spoofing, which in turn got me thinking about RSS Hijacking.

Imagine you find some reliable, popular site that is cross-site scriptable. Send out a few million phishing emails that add an RSS feed to the page via scripting and “target” adds said RSS feed to their reader. Continue with the thought Alex had about tracking valid info for a while, and then pouncing.

Now of course there are some diminishing returns here - most RSS readers are fairly tech savvy and not likely to fall pray to a phishing scam, but RSS is gaining popularity…