Yesterday I changed carriers from Verizon to Cincinnati Bell, as intended. I have my new blue Moto Razr V3, and I purchased the somewhat steep ($30) Motorola Phone Tools.

I'm very happy with the phone, the no-contract plan, my new, less-expensive BlueTooth headset, and the tools. I've already uploaded a new wallpaper, a ringtone of my mom playing a Brahms piano waltz, and a nice picture of a friend to display when she calls.

I haven't set up the other features, but it's possible to use the phone as a modem, and to send/receive emails (POP3 only, unfortunately).

All in all, a good decision. I'll be emailing Verizon soon with the reasons for my switch, emphasizing that their customer service was always excellent, and that I simply don't agree with their policy of disabling phone features such as transfering images.

I very recently upgraded my Verizon service to a 2-year contract and a new Motorola Razr V3c phone. It's unusual that I'll take back a purchase, but in this case I'm going to. I'm within my 15 day return period, so I should get a full refund (except for the holster that I destroyed using a Dremel. I expect to take a loss on that. Uh, I'll tell you the story in another post.)

So, you're asking why? Why return this superb little phone?

It's not the phone. It's the intentional disabling of certain features. Specifically, Motorola sells their Phone Tools, that allow a user to access phone features from a PC, including transfering pictures and ring tones. This ability is disabled by Verizon. The software is an extra purchase (okay, I guess), so I really feel I should get all the abilities. The reason Verizon disables those features is to force their customers to pay for the privilege of getting new ringtones from their online store.

I don't like that.

So, before I return my phone, I'll be starting new phone service through Cincinnati Bell. And, I'll be getting a nice, new blue Razr. And I'll purchase the software, and all will be well. Oh, yeah, I'll also pay $10 more per month and get unlimited calling to any Cincinnati Bell phone number. I'm pretty sure, living in Cincinnati, that most of my calls are to such numbers. I'll probably break even on that part.

I may take a loss on this deal, somewhere, but I'll feel much better about my purchase. I really wanted to stay loyal to Verizon. They've given me very good service in the past, and I have a personal reason for wanting to support them. But this issue tips the scale the wrong way.

I don't usually look carefully at emails I get purporting to be from PayPal; I know they're frauds. But this one is fairly impressive.

Here's the correct URL to PayPal's login screen
https://www.paypal.com/cgi-bin/webscr?cmd=\_login-run

Here's the text of the link that appears in the phishing email:
https://www.paypal.com/us/cgi-bin/webscr?cmd=\_login-run

And, here's the actual URL for that link, which I could see by hovering over it, or by right-clicking and choosing Copy Link, then pasting into a text editor.
http://www-paypal.org/us/cgi-bin/webscrcmd=\_login+run/index.htm?logIN=upDate

Now, as expected, the link text is almost exactly like the actual PayPal URL. But what's unexpected is how close the actual URL is to the PayPal URL. A casual eye would say they're close enough to be legitimate.

The phishing URL is different in these critical ways:
1. The PayPal domain is ]www.paypal.com. The phishing domain is www-paypal.org. Someone went to the trouble of registering this.

2. The PayPal path is /cgi-bin/. This is followed by a CGI command (or filename, not sure which), "webscr", and then the parameters and arguments for the command, cmd=_login-run

3. However, the phishing path is us/cgi-bin/webscrcmd=_login+run/. Do you see how they make it look almost like the CGI command? This is followed by a standard web page, "index.htm", which is receiving a bogus parameter and argument "logIN=upDate".

4. I opened just the phishing index page. It looks almost exactly like the main PayPal page. The only difference is that, if you try to log in, you'll be passing your username and password to the thieves instead of PayPal.