PayPaI

Last updated August 11, 2024

PaypaI is a phishing scam, which targets account holders of the widely used internet payment service, PayPal, taking advantage of the fact that a capital "i" may be difficult to distinguish from a lower-case "L" in some computer fonts. This is a form of a homograph attack.

The scam involves sending PayPal account holders a notification email claiming that PayPal has "temporarily suspended" their account. Instead of linking to PayPal.com, the site references in the email link to a convincing duplicate of the site at paypai.com, in the hope that the user will enter their PayPal login details, which the owner of paypai.com can then store and use.

History

Paypai was first active in mid-2000. It sent account holders of PayPal bogus payment receipt notifications, mimicking those sent by PayPal, indicating that the account holder had received a large payment and directed recipients to paypai.com through a link in the message.^[1]^[2]

The site, paypaI.com, was an exact replica of the HTML source code and images that PayPal uses on its home page. While devious, this was not difficult, since the HTML and images are downloaded for display whenever a user visits a website. The site was registered with Network Solutions to a "Birykov" in South Ural, Russia.^[1]^[2]

At the time, MS Sans Serif, a font similar to Arial that rendered capital "i" and lowercase "L" almost identically, was the default font in the address bar on most Windows applications. When Windows XP was released in 2001, Tahoma became the default; Tahoma places serifs on the capital "i" to easily distinguish it from lowercase "L".^{[ citation needed ]}

Paypai scams resurfaced in 2011,^[3] 2012,^[4] 2017, and 2020.^{[ citation needed ]}

Related Research Articles

<span class="mw-page-title-main">Bitstream Vera</span> Typeface series from Bitstream

Vera is a digital typeface superfamily with a liberal license. It was designed by Jim Lyles from the now-defunct Bitstream Inc. type foundry, and it is closely based on Bitstream Prima, for which Lyles was also responsible. It is a TrueType font with full hinting instructions, which improve its rendering quality on low-resolution devices such as computer monitors. The font has also been repackaged as a Type 1 PostScript font, called Bera, for LaTeX users.

A micropayment is a financial transaction involving a very small sum of money and usually one that occurs online. A number of micropayment systems were proposed and developed in the mid-to-late 1990s, all of which were ultimately unsuccessful. A second generation of micropayment systems emerged in the 2010s.

<span class="mw-page-title-main">Phishing</span> Form of social engineering

Phishing is a form of social engineering and a scam where attackers deceive people into revealing sensitive information or installing malware such as viruses, worms, adware, or ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim navigates the site, and transverses any additional security boundaries with the victim. As of 2020, it is the most common type of cybercrime, with the FBI's Internet Crime Complaint Center reporting more incidents of phishing than any other type of computer crime.

<span class="mw-page-title-main">Tahoma (typeface)</span> Humanist sans-serif typeface

Tahoma is a humanist sans-serif typeface that Matthew Carter designed for Microsoft Corporation. Microsoft first distributed it, along with Carter's Verdana, as a computer font with Office 97.

.tk is the Internet country code top-level domain (ccTLD) for Tokelau, a territory of New Zealand in the South Pacific.

Chicago is a sans-serif typeface designed by Susan Kare for Apple Computer. It was used in the Macintosh operating system user interface between 1984 and 1997 and was an important part of Apple’s brand identity. It is also used in early versions of the iPod user interface. Chicago was initially a bitmap font; as the Apple OS’s capabilities improved, Apple commissioned the type foundry Bigelow & Holmes to create a vector-based TrueType version. The typeface is named after the U.S. city of Chicago, following the theme of original Macintosh fonts being named after major world cities.

Email fraud is intentional deception for either personal gain or to damage another individual using email as the vehicle. Almost as soon as email became widely used, it began to be used as a means to defraud people, just as telephony and paper mail were used by previous generations.

<span class="mw-page-title-main">Lottery scam</span> Fraud pretending to be a lottery

A lottery scam is a type of advance-fee fraud which begins with an unexpected email notification, phone call, or mailing explaining that "You have won!" a large sum of money in a lottery. The recipient of the message—the target of the scam—is usually told to keep the notice secret, "due to a mix-up in some of the names and numbers," and to contact a "claims agent." After contacting the agent, the target of the scam will be asked to pay "processing fees" or "transfer charges" so that the winnings can be distributed, but will never receive any lottery payment. Many email lottery scams use the names of legitimate lottery organizations or other legitimate corporations/companies, but this does not mean the legitimate organizations are in any way involved with the scams.

In orthography and typography, a homoglyph is one of two or more graphemes, characters, or glyphs with shapes that appear identical or very similar but may have differing meaning. The designation is also applied to sequences of characters sharing these properties.

The internationalized domain name (IDN) homoglyph attack is a way a malicious party may deceive computer users about what remote system they are communicating with, by exploiting the fact that many different characters look alike. For example, the Cyrillic, Greek and Latin alphabets each have a letter ⟨o⟩ that has the same shape but different meaning from its counterparts.

<span class="mw-page-title-main">Lucida Grande</span> Humanist sans-serif typeface

Lucida Grande is a humanist sans-serif typeface. It is a member of the Lucida family of typefaces designed by Charles Bigelow and Kris Holmes. It is best known for its implementation throughout the macOS user interface from 1999 to 2014, as well as in other Apple software like Safari for Windows. As of OS X Yosemite, the system font was changed from Lucida Grande to Helvetica Neue. In OS X El Capitan the system font changed again, this time to San Francisco.

Trebuchet MS is a humanist sans-serif typeface that Vincent Connare designed for Microsoft Corporation in 1996. Trebuchet MS was the font used for the window titles in the Windows XP default theme, succeeding MS Sans Serif and Tahoma. Released free of charge by Microsoft as part of their core fonts for the Web package, it remained one of the most popular body text fonts on webpages as of 2009.

<span class="mw-page-title-main">Geneva (typeface)</span> Neo-grotesque sans-serif typeface

Geneva is a neo-grotesque or "industrial" sans-serif typeface designed by Susan Kare for Apple Computer. It is one of the oldest fonts shipped with Macintosh operating systems. The original version was a bitmap font, but later versions were converted to TrueType when that technology became available on the Macintosh platform. Because this Macintosh font is not commonly available on other platforms, many users find Verdana, Microsoft Sans Serif or Arial to be an acceptable substitute.

The DejaVu fonts are a superfamily of fonts designed for broad coverage of the Unicode Universal Character Set. The fonts are derived from Bitstream Vera (sans-serif) and Bitstream Charter (serif), two fonts released by Bitstream under a free license that allowed derivative works based upon them; the Vera and Charter families were limited mainly to the characters in the Basic Latin and Latin-1 Supplement portions of Unicode, roughly equivalent to ISO/IEC 8859-15, and Bitstream's licensing terms allowed the fonts to be expanded upon without explicit authorization. The DejaVu fonts project was started with the aim to "provide a wider range of characters ... while maintaining the original look and feel through the process of collaborative development". The development of the fonts is done by many contributors and is organized through a wiki and a mailing list.

Segoe is a typeface, or family of fonts, that is best known for its use by Microsoft. The company uses Segoe in its online and printed marketing materials, including recent logos for a number of products. Additionally, the Segoe UI font sub-family is used by numerous Microsoft applications, and may be installed by applications. It was adopted as Microsoft's default operating system font, and is also used on Outlook.com, Microsoft's web-based email service. On August 23, 2012, Microsoft unveiled its new corporate logo typeset in Segoe, replacing the logo it had used for the previous 25 years.

A spoofed URL involves one website masquerading as another, often leveraging vulnerabilities in web browser technology to facilitate a malicious computer attack. These attacks are particularly effective against computers that lack up-to- security patches. Alternatively, some spoofed URLs are crafted for satirical purposes.

<span class="mw-page-title-main">Microsoft Sans Serif</span> Neo-grotesque sans-serif typeface

Microsoft Sans Serif is a sans-serif typeface introduced with early Microsoft Windows versions. It is the successor of MS Sans Serif, formerly Helv, a proportional bitmap font introduced in Windows 1.0. Both typefaces are very similar in design to Arial and Helvetica. The typeface was designed to match the MS Sans bitmap included in the early releases of Microsoft Windows.

Website spoofing is the act of creating a website with the intention of misleading readers that the website has been created by a different person or organization. Normally, the spoof website will adopt the design of the target website, and it sometimes has a similar URL. A more sophisticated attack results in an attacker creating a "shadow copy" of the World Wide Web by having all of the victim's traffic go through the attacker's machine, causing the attacker to obtain the victim's sensitive information.

A scam letter is a document, distributed electronically or otherwise, to a recipient misrepresenting the truth with the aim of gaining an advantage in a fraudulent manner.

Credit card fraud is an inclusive term for fraud committed using a payment card, such as a credit card or debit card. The purpose may be to obtain goods or services or to make payment to another account, which is controlled by a criminal. The Payment Card Industry Data Security Standard is the data security standard created to help financial institutions process card payments securely and reduce card fraud.

References

1 2 Knowles, William (July 22, 2000). "Scam artist copies PayPal Web site". Information Security News mailing list archives. SecLists.Org. Retrieved February 18, 2012.
1 2 Sullivan, Bob (July 24, 2000). "PayPal alert! Beware the 'PaypaI' scam". ZDNet UK. Retrieved February 18, 2012.
↑ Mustaca, Sorin (February 12, 2011). "Old tricks, new language: "Paypai" in German". TechBlog. Avira GmbH. Archived from the original on March 4, 2012. Retrieved February 17, 2012.
↑ MinnieApolis (January 27, 2012). "New Twist on PayPaL Phishing is from PayPaI (with an i)". Newsvine. Retrieved February 17, 2012.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[seclists.org-1] 1 2 Knowles, William (July 22, 2000). "Scam artist copies PayPal Web site". Information Security News mailing list archives. SecLists.Org. Retrieved February 18, 2012.

[ZDNet_UK-2] 1 2 Sullivan, Bob (July 24, 2000). "PayPal alert! Beware the 'PaypaI' scam". ZDNet UK. Retrieved February 18, 2012.

[avira-3] Mustaca, Sorin (February 12, 2011). "Old tricks, new language: "Paypai" in German". TechBlog. Avira GmbH. Archived from the original on March 4, 2012. Retrieved February 17, 2012.

[Newsvine-4] MinnieApolis (January 27, 2012). "New Twist on PayPaL Phishing is from PayPaI (with an i)". Newsvine. Retrieved February 17, 2012.

[1]

[2]

[3]

[4]

v t e Scams and confidence tricks
Terminology	Scam Error account Shill Shyster Sucker list
Notable scams and confidence tricks	1992 Indian stock market scam 2G spectrum case Advance-fee scam Art student scam Badger game Bait-and-switch Black money scam Blessing scam Bogus escrow Boiler room Bride scam Charity fraud Clip joint Coin-matching game Coin rolling scams Drop swindle Embarrassing cheque Exit scam Extraterrestrial real estate Fiddle game Fine print Foreclosure rescue scheme Foreign exchange fraud Fortune telling fraud Gem scam Get-rich-quick scheme Green goods scam Hustling Indian coal allocation scam IRS impersonation scam Intellectual property scams Kansas City Shuffle Locksmith scam Long firm Miracle cars scam Mismarking Mock auction Moving scam Overpayment scam Patent safe Pig in a poke Pigeon drop Pork barrel Pump and dump Redemption/A4V schemes Reloading scam Return fraud Salting Shell game Sick baby hoax SIM swap scam Slavery reparations scam Spanish Prisoner SSA impersonation scam SSC Scam Strip search phone call scam Swampland in Florida Tarmac scam Technical support scam Telemarketing fraud Thai tailor scam Thai zig zag scam Three-card monte Trojan horse Wash trading White van speaker scam Work-at-home scheme
Internet scams and countermeasures	Avalanche Pig Butchering Carding Catfishing Click fraud Clickjacking Cramming Cryptocurrency scams Cybercrime CyberThrill DarkMarket Domain name scams Email authentication Email fraud Internet vigilantism Lenny anti-scam bot Lottery scam PayPai Phishing Referer spoofing Ripoff Report Rock Phish Romance scam Russian Business Network SaferNet Scam baiting 419eater.com Jim Browning Kitboga Scammer Payback ShadowCrew Spoofed URL Spoofing attack Stock Generation Voice phishing Website reputation ratings
Pyramid and Ponzi schemes	Aman Futures Group Bernard Cornfeld Caritas Dona Branca Earl Jones Ezubao Foundation for New Era Philanthropy Franchise fraud High-yield investment program (HYIP) Investors Overseas Service Kapa investment scam Kubus scheme Madoff investment scandal Make Money Fast Matrix scheme MMM Petters Group Worldwide Pyramid schemes in Albania Reed Slatkin Saradha Group financial scandal Secret Sister Scott W. Rothstein Stanford Financial Group Welsh Thrasher faith scam
Lists	Con artists Confidence tricks Criminal enterprises, gangs and syndicates Impostors In the media Film and television Literature Ponzi schemes