Bug Reports & Feature Requests : Tradebit  

Have you discovered an error or do you urgently need a new function? Post it!

Possible security loophole?
Posted by: jssprods (IP Logged)
Date: March 20, 2008 12:30PM

Maybe I have missed something here but better safe than sorry so I'll post anyway "just in case". Have also sent an email about this to Tbit support.

Yesterday I received an email notice of sale of an item on Tbit. The email included the usual Paypal detail and a link to go check the sale. This link opened what appeared to be a Paypal account. However the sale was paid to an email account I use for support etc via my Tradebit account. (The one where you have to enter a few scrambled characters). I ignored the login page from this email and logged into my Paypal account via my own known-good link. There was no sign of the sale there!

Had I logged in via the email notice then (if that was a spoof site) it would have revealed my Paypal password!

I may well have missed something here - would appreciate the detail if so.

Here is a suitably blanked copy of the email I received:

Dear "my-Tbit support email address was here",

Tradebit Inc. just sent you $x.xx USD with PayPal.

Click [www.paypal.com] support email address again here
to claim your payment.

-----------------------------------
Don't have a PayPal account?
-----------------------------------

Sign-up is fast and free. With PayPal, you can pay online without sharing your financial information.

You can also:
- Send money to or request money from anyone with an email address in 190 countries and regions.
- Shop at millions of online stores.


-----------------------------------
Already have a PayPal account?
-----------------------------------

Tradebit Inc. sent this payment to an address that isn't linked to your PayPal account. Log in to PayPal to add this email address to your account and receive this payment.

Please claim your payment within 30 days. After 30 days, the payment will be returned to your sender.

Sincerely,
PayPal

----------------------------------------------------------------

PayPal Email ID xxxxx
==== end of email ===

PS: My Paypal account is in the UK and the email appears to be from Paypal U.S.

Re: Possible security loophole?
Posted by: puzzler (IP Logged)
Date: March 21, 2008 07:11AM

Hi,

I think this is a legit email notification that we have sent you your publisher payout! The payout goes to the second email in your account and you should automatically accept that payment. You want your payout, right?

ralf


