Nothing new here. It's a general safety rule: Do not sign in with you username/password on any web-site, unless you typed the host address in the browser yourself.
Another related rule: if you do that, start a new browser, especially for important logins where money is involved. (This helps avoiding some other complicated schemes, - I don't want to go too technical). Igor
