|ww.pof.com?Page 1 of 1 |
|I accidentally mistyped www.pof.com as ww.pof.com- and it showed a very similar site. Strange thing was it kept prompting me for a password even though I was currently logged into POF. Any chance this is a scam password harvesting site?|
Posted: 5/8/2012 8:02:01 AM
|....except that isn't what the guy said.|
He said he accidentally typed in the URL and it brought him to a site that looked exactly like POF and asked for a password.
I just found one today called www(dot)it(dot)pof(dot)com
I was not given "a list of possible sites".
It took me directly to the site, which had user profiles, and asked for my password, even though I was logged in to the real POF already.
Posted: 5/8/2012 1:25:52 PM
|The domain in both cases is pof.com - it looks as though the web server is configured to ignore the prefix. You can go to fake.pof.com and still hit the site. You can test this by opening a command prompt (Windows) or terminal (Mac, Linux, etc...) and doing an nslookup on the various domains... this gives you the machine-friendly IP address for the human-friendly domain name. It's kinda like looking up a phone number in the phone book. In all cases they'll resolve to the same IP address.|
However if you browse to fake.pof.com then you wont show as being signed in even if you're logged in to www.pof.com because the site uses a cookie to identify you and the cookie includes the prefix.