Here is some info from our security team:
Hasn’t that site been up in the past, also? I remember seeing it before.
How would one know if he or she logged into the bogus site during the time in question?
Well, what’s the site? Let me know so I can avoid it.
Name of the website?
The site looked like College Confidential, ClassOf2015HS, but the URL in the address bar was different. For safety reasons, we don’t want it posted here. We think it was a fairly harmless attempt to add affiliate cookies to visitors (e.g., if you place an order online at a site for which they added a cookie, they would get a commission from that site), and there was no apparent malware or phishing. But we can’t be certain there weren’t other motives.
The nature of the web is that it is very easy to create a site that looks identical to another site. Bank and financial sites are often copied as part of phishing scams to get login info from the visitors they dupe.
General advice: always be very careful about clicking on links in emails you receive - often, phishing sites drive traffic by sending out millions of legitimate-looking emails that appear to come from major banks or social sites. The email links to a copy site that prompts you to log in. Hover over links to see where they go before clicking.
And, regardless of how you got to a site, keep an eye on the address bar in your browser to be sure you are really on the right site. Search results, website links, etc., can also be used to direct you to bogus sites.
Dumb question…How do I change my password on this site?
Hi Jonri…after you log into the site click on ‘My Control Panel’ from the top nav bar, then go to ‘Settings and Options’ and select ‘Edit E-mail & Password’.
Any update?
No update; the bogus site has been disabled in such a way that it no longer looks like the real CC. End of story.
If our settings are “stay logged in” and so we are not re-entering our password at all, I’m assuming there is no issue here. Correct?
That’s my understanding, 'rentof2.
No problems if we’re using the app?
None at all, withoutausername. The app is coded to deliver the real CC.