posted on December 6, 2000 10:55:54 AMPS....and any legitimate site would NEVER ask for your password from another site!!!
If you go to PayPal's web site and want PayPal logos inserted into your auction, they ask you to provide your eBay password to do so.
The problem here is that by giving your password, you are giving someone access to your money. If you have bank accounts tied to your PayPal account, the power you are giving these people is incredible.
Even though I wish it could, I don't think that PayPal can have this site shut down. The site is for members who choose to join and provide their PayPal information.
This is from their info page:
AuXpal.com is owned and operated by NoBidding, Inc. NoBidding introduced the world to NoBidding.com in March 1999.
The AuXpal concept was conceived in August 2000 by NoBidding CEO, Ed Orlando. "Our mission has always been the same - making person to person online transactions easier", explains Orlando. "The most frustrating and tiresome procedure in an online auction is the actual transfer of funds from the buyer to the seller."
X.com's PayPal system dramatically improved the way we pay each other. However, there is still a significant delay after an auction ends to allow the buyer and seller to communicate payment information. AuXpal uses breakthrough technology that seamlessly integrates PayPal into its auctions providing a smooth experience for its users. Every successful auction is paid within 30 minutes of its ending.
"Our revolutionary system will change online auctions forever", says Orlando. "AuXpal will continue to redefine online auctions on a daily basis as we remain on the cutting edge of technology."
NoBidding, Inc. has plans to be traded publicly before January 2002.
posted on December 6, 2000 10:56:53 AM
Setting the scam issue aside for a moment, it would see to me that there would be a strong case of trademark and intellectual property infringement against Paypal by the creator of the site. This new website is almost identical in appearance and likeness to Paypal and misleads users into believing they are one and the same company. The fact that they emailed potential users and represented or mislead themselves as Paypal will surely end them up in court. I stongly recommend that you avoid this website until the authorities have a chance to check them out.
posted on December 6, 2000 11:02:05 AM
YOU HAVE TO BE A GRADE A IDIOT TO GIVE OUT A PASSWORD THAT IS DIRECTLY LINKED TO YOUR FUNDS IN A BANK ACCOUNT OR CC.
I MEAN COME ON PEOPLE !
YOU DON'T HAVE TO BE EINSTEIN TO KNOW THAT !!!!!!!!
posted on December 6, 2000 11:26:06 AM
The ONLY way this could work is if buyer and seller BOTH gave their account password to this person's site.
NOT A GOOD IDEA! Even if the site is honest, unless the internal and external security is rock-solid, this will be a very tempting target for hackers. And I don't trust a one-horse domain hosted on Microsoft-powered servers to be secure against hackers. Way too many holes!
And the chain of domain owners is quite confusing ...
posted on December 6, 2000 11:48:27 AM
NOOOOOO ... Please don't invite PayPalDemon here ... we've had enough politicking on the news since November 7th to last a lifetime
posted on December 6, 2000 12:18:49 PM
Even if it's not a scam, they are soooo dumb in sooo many ways I wouldn't trust them with my password.
BTW, are they going to verify your account/CC when you place the bid? Otherwise you will still have deadbeats: buyers who will either max out their credit cards or not have enough funds in their bank account to cover purchases.
IMHO the idea of an auction site without deadbeats is a pipe dream.
posted on December 6, 2000 01:29:39 PM
damon,
How much damage has been done to our account if we already gave it to them.
I immediately changed my paypal password but is that going to be enough.
PLEASE ANSWER!
.
edited for packer by packer!!
.
Having a BAD HAIR DAY! ...
Organization:
NoBidding, Inc.
Edward Orlando
5636 Grace Ave
Bethlehem, PA 18017 US
Phone: 610 866 9349
Email: [email protected]
Domain Name: auxpal.com
Created on..............: Wed, Oct 04, 2000
Expires on..............: Thu, Oct 04, 2001
Record last updated on..: Wed, Oct 04, 2000
Administrative Contact:
NoBidding, Inc.
Edward Orlando
5636 Grace Ave
Bethlehem, PA 18017
US
Phone: 610 866 9349
Email: [email protected]
Technical Contact, Zone Contact:
Register.Com
Domain Registrar
575 8th Avenue - 11th Floor
New York, NY 10018
US
Phone: 212-798-9200
Fax..: 212-629-9305
Email: [email protected]
If you changed your password you will be ok. If there are any transactions out of the account, please let customer service know. All sensitive financial information (credit card and bank account numbers) are not visible when logged in.
I have to repeat...DO NOT give your password to anyone or login to any site asking for your password that is not PayPal.com.
posted on December 6, 2000 02:03:40 PM
damon,
WHEEW! Thank you for that very important information.
It was a concern for many of us that plunged right in without "thinking" first.
But you have to admit, its a great idea!
PayPal should consider it.
Thanks again,
.
edited for packer by packer!!
.
Having a BAD HAIR DAY! ...
posted on December 6, 2000 02:19:05 PM
Damon, thanks for the reassurance.
Packer is right, PayPal should consider doing something like that. In light of how many people were interested in the AuXpal site before the realization dawned that it wasn't affiliated with PayPal, just imagine how many users you'd get for a legitimate PayPal-run site.
Dang, now I'm no longer verified at PayPal because I deleted my bank account info in a panic.
Edited to add:
If anyone saved the original register page, there are several ways to accomplish getting the info with variouus JavaScripting.
[ edited by abacaxi on Dec 6, 2000 02:37 PM ]
posted on December 6, 2000 03:41:39 PM
Poton- Now of course the idea is a great one! Also, thanks for the great slueth work on posting the site info. You are a top detective!
Capriole- I emailed the thread to him..hee hee!
And here's what came back!
Please use one of the following methods to contact a register.com Customer Support Representative.
posted on December 6, 2000 04:22:37 PM
At this point I'm more concerned about how much faith we can put into VeriSign....?
http://www.verisign.com/
[ edited by Empires on Dec 6, 2000 04:24 PM ]
posted on December 6, 2000 04:36:23 PM
Hi Pocono I didn't copy it, but when I posted yours was first, I usually don't read big comment almost 75% of the time, mucho blah blah but nothing in concrete, that's probably I skiped your post because I saw a big message, but I did this before in the past with other strange sites, but yes, you posted first
posted on December 6, 2000 04:44:26 PM
Empires ~ VeriSign has been around for a very long time in net years anyhow ... since 1995.
It can be costly to set up with certificates for your website (350 and up).. although, I'm not sure what all is part of being able to do so. I'm sure the site has that sort of information.
Verisign is one of the industry leaders in this sort of thing... however they're only as good as the 'site' they're issuing the certificates for.. ya know?
posted on December 6, 2000 04:49:59 PM
rosiebud... I have no love for VeriSign, as they are the tunnel that these type of intellectual properties are allowed to be stolen through. They take the money, they should be resposnible for their client representation as well. 1995 sounds like a cheap wine to me to age gracefully...
Digitalman Word up!
[ edited by Empires on Dec 6, 2000 04:51 PM ]
posted on December 6, 2000 05:06:14 PM
Empires, the problem is that if you didn't have companies, such as Verisign.. you would not have "trust" on the net. Without that trust, ecommerce would not be able to take place.
There are so many different sites that depend on companies such as VeriSign, Thawte, etc. If you use Netscape, click on the little "lock" down in the lower left corner to open up the security profile.. and then go to "certificates" "signers" and take a look at the small number of companies that issue certificates to places on the net.
Digital Certificates, Secure Site Services, etc are just the tip of the iceburg in getting people to 'trust' enough to spend money on the web. Without that trust, none of us would be here.
Anyone could obtain the certificates, get the secure servers.. and spend a lot of money.. just to defraud the public. That is always a possibility...... but I'd feel.. in a case such as that.. if the public can easily be defrauded.. then what 'steps' did the company take to defraud ... in this case.. VeriSign?
(this post is not to be taken that this has actually happened.. it's just a theoretical supposition)