<div dir="ltr"><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Dec 20, 2013 at 8:05 AM, Tim <span dir="ltr"><<a href="mailto:ignored_mailbox@yahoo.com.au" target="_blank">ignored_mailbox@yahoo.com.au</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div id=":37e" style="overflow:hidden">e.g. A fool uses some webservice that asks you to log in with your<br>
hotmail username and password, so they do, despite the face that this<br>
webservice is not hotmail.</div></blockquote></div><br><br></div><div class="gmail_extra">Not quite what you're saying but tangentially related: many web sites are confusing to the naive user. They ask you to register using your email address and a password, without making it clear that they don't mean the password for the email account. I'm sure more than a few people have been caught by that. It doesn't mean the website is malicious, but now the attack front on the password has been expanded.<br>
<br></div><div class="gmail_extra">poc<br></div></div>