Everyone probably knows this, but to those who don't:
Once you have phished someone, and logged in as them, do NOT log out, if you can help it. If they change their password a thousand times, and you are still logged in, you will have access to that account no matter what they do.
Once I kept Safari open to stay logged in to someone's MySpace while I normally used Firefox, my main browser. It works like a charm. You can lull them in to a false sense of security by not changing anything, and bam, it's all yours.
Good luck, be sneaky!
