PayPaI
PaypaI is a phishing scam, which targets account holders of the widely used internet payment service, PayPal, taking advantage of the fact that a capital "i" may be difficult to distinguish from a lower-case "L" in some computer fonts. This is a form of a homograph attack.
The scam involves sending PayPal account holders a notification email claiming that PayPal has "temporarily suspended" their account. Instead of linking to PayPal.com, the site references in the email link to a convincing duplicate of the site at paypai.com, in the hope that the user will enter their PayPal login details, which the owner of paypai.com can then store and use.
History
Paypai was first active in mid-2000. It sent account holders of PayPal bogus payment receipt notifications, mimicking those sent by PayPal, indicating that the account holder had received a large payment and directed recipients to paypai.com through a link in the message.[1][2]
The site, paypaI.com, was an exact replica of the HTML source code and images that PayPal uses on its home page. While devious, this was not difficult, since the HTML and images are downloaded for display whenever a user visits a website. The site was registered with Network Solutions to a "Birykov" in South Ural, Russia.[1][2]
At the time, MS Sans Serif, a font similar to Arial that rendered capital "i" and lowercase "L" almost identically, was the default font in the address bar on most Windows applications. When Windows XP was released in 2001, Tahoma became the default; Tahoma places serifs on the capital "i" to easily distinguish it from lowercase "L".[citation needed]
Paypai scams resurfaced in 2011,[3] 2012,[4] 2017, and 2020.[citation needed]
References
- ^ a b Knowles, William (July 22, 2000). "Scam artist copies PayPal Web site". Information Security News mailing list archives. SecLists.Org. Retrieved February 18, 2012.
- ^ a b Sullivan, Bob (July 24, 2000). "PayPal alert! Beware the 'PaypaI' scam". ZDNet UK. Retrieved February 18, 2012.
- ^ Mustaca, Sorin (February 12, 2011). "Old tricks, new language: "Paypai" in German". TechBlog. Avira GmbH. Archived from the original on March 4, 2012. Retrieved February 17, 2012.
- ^ MinnieApolis (January 27, 2012). "New Twist on PayPaL Phishing is from PayPaI (with an i)". Newsvine. Retrieved February 17, 2012.
- v
- t
- e
- Scam
- Error account
- Shill
- Shyster
- Sucker list
confidence tricks
- 1992 Indian stock market scam
- 2G spectrum case
- Advance-fee scam
- Art student scam
- Badger game
- Bait-and-switch
- Black money scam
- Blessing scam
- Bogus escrow
- Boiler room
- Bride scam
- Charity fraud
- Clip joint
- Coin-matching game
- Coin rolling scams
- Drop swindle
- Embarrassing cheque
- Exit scam
- Extraterrestrial real estate
- Fiddle game
- Fine print
- Foreclosure rescue scheme
- Foreign exchange fraud
- Fortune telling fraud
- Gem scam
- Get-rich-quick scheme
- Green goods scam
- Hustling
- Indian coal allocation scam
- IRS impersonation scam
- Intellectual property scams
- Kansas City Shuffle
- Locksmith scam
- Long firm
- Miracle cars scam
- Mismarking
- Mock auction
- Moving scam
- Overpayment scam
- Patent safe
- Pig in a poke
- Pigeon drop
- Pork barrel
- Pump and dump
- Redemption/A4V schemes
- Reloading scam
- Return fraud
- Salting
- Shell game
- Sick baby hoax
- SIM swap scam
- Slavery reparations scam
- Spanish Prisoner
- SSA impersonation scam
- SSC Scam
- Strip search phone call scam
- Swampland in Florida
- Technical support scam
- Telemarketing fraud
- Thai tailor scam
- Thai zig zag scam
- Three-card monte
- Trojan horse
- White van speaker scam
- Work-at-home scheme
countermeasures
- Avalanche
- Pig Butchering
- Carding
- Catfishing
- Click fraud
- Clickjacking
- Cramming
- Cryptocurrency scams
- Cybercrime
- CyberThrill
- DarkMarket
- Domain name scams
- Email authentication
- Email fraud
- Internet vigilantism
- Lenny anti-scam bot
- Lottery scam
- PayPai
- Phishing
- Referer spoofing
- Ripoff Report
- Rock Phish
- Romance scam
- Russian Business Network
- SaferNet
- Scam baiting
- 419eater.com
- Jim Browning
- Kitboga
- Scammer Payback
- ShadowCrew
- Spoofed URL
- Spoofing attack
- Stock Generation
- Voice phishing
- Website reputation ratings
Ponzi schemes
- Aman Futures Group
- Bernard Cornfeld
- Caritas
- Dona Branca
- Earl Jones
- Ezubao
- Foundation for New Era Philanthropy
- Franchise fraud
- High-yield investment program (HYIP)
- Investors Overseas Service
- Kapa investment scam
- Kubus scheme
- Madoff investment scandal
- Make Money Fast
- Matrix scheme
- MMM
- Petters Group Worldwide
- Pyramid schemes in Albania
- Reed Slatkin
- Saradha Group financial scandal
- Secret Sister
- Scott W. Rothstein
- Stanford Financial Group
- Welsh Thrasher faith scam