This is why I hate it when companies create new domain names for things instead of using something more sensible (like subdomains). Teaching users that other domains besides the primary are totally legit is a recipe for a disaster of the phishing variety, not to mention how much money is going to inevitably be wasted every year.