PCWorld: "You're surfing and shopping, and you stumble on a site that bears the Microsoft Passport logo. It's a graphical clue that you can simply enter your Passport log-in
(your e-mail address) and your Passport password and start spending--the site is a Microsoft partner that already has access to your Microsoft Wallet (which contains
information like your name, credit card numbers, and shipping and billing preferences). It's for your convenience, Microsoft says, so you don't have to re-enter such
But could the site actually be a faÃ§ade that has just recorded your Passport log-in and password? And do the hackers who run the fake site next head to a real
Passport site, where they log in as you and review your credit card information?"