This attack illustrates the abuse of trusted domains, the practice of server-side phishing email validation ... JavaScript code will automatically extract and insert that email into the form.