posted on October 9, 2001 09:46:37 AM new
I have been getting emails all day from [email protected]. Each of these would re-direct me to some other site. I thought that was strange but did not pay it any mind.
About 30 minutes ago I receive another email from [email protected] with the title: PayPal has launched a new service! I clicked on it and the email read as follows:
"Dear PayPal users,
X.com and PayPal.com is inviting you to visit our new web site www.paypalebay.com
and check the newest service that we have provided.
By logging with your PayPal.com e-mail address and password you can setup
your paypalebay.com account that will give you some new options for online
auctions at Ebay.com .
Do not lose your time click here www.paypalebay.com and login!
Have luck at the online auctions at Ebay.com with your paypalebay.com account
GoodBye
Best regards,
PayPal Support Team"
I clicked on the link and came to a PayPal/eBay page. I thought it was that new check out system. I thought man they actually gave PayPal a crack at their new cart system. Anyway, I entered my email ID and my password. The page became static. I realized, after staring at the screen for 7.25 sec. that I had been HAD!
They now have my email ID and Password. I had to change the password on 6 accounts. Please be very careful with any unscheduled emails coming from [email protected]
Thank you for posting this. As a reminder to other users, please do not log in on any site that is not www.paypal.com that asks for your user id/password---please report these items to us immediately.
posted on October 10, 2001 08:35:36 PM new
This relates to a point I've made in my discussions of domain name issues -- the extensive use of silly marketing-gimmick domain names instead of following the logical structure of the domain name system and using subdomains of a company or organization's domain for sites affiliated with it -- can have very dangerous effects. A scam artist can put up a site at an address like "paypalebay.com" and actually fool people into thinking it's officially affiliated with PayPal and/or Ebay. This is believable because companies like these have in fact put up all sorts of sites under all sorts of domain names that look vaguely related to their company name, like "ebaymotors.com", so that there's some plausibility to another such site being authentic.
If, instead, companies were rigorous about using domains logically, and the only true Ebay sites were in "ebay.com" (and subdomains like "cars.ebay.com", "liveauctions.ebay.com", etc.), then they could educate the consumers not to trust any site that wasn't in that domain. Scam artists would have no way of setting up a subdomain like this, but they can register other domains that contain "ebay" or "paypal" as a substring.
The companies have lost their chance to take this high ground, since their marketing types have insisted on using so many cutesy slogan domain names that the public no longer even understands the true logical structure the names are supposed to have. And that makes them easy prey for scam artists.