PayPaI

PaypaI is a phishing scam that targets account holders of the widely used internet payment service PayPal. It takes advantage of the fact that a capital "i" may be difficult to distinguish from a lower-case "L" in some computer fonts. This is a form of homograph attack.

The scam involves sending PayPal account holders a notification email claiming that PayPal has "temporarily suspended" their account. Instead of linking to PayPal.com, the links in the email point to a convincing duplicate of the site at paypai.com, in the hope that the user will enter their PayPal login details, which the owner of paypai.com can then store and use.
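
A defensive check for the substitution described above, as an added example that is not part of the original article: it folds characters that look alike in many UI fonts and flags link hosts that collapse onto a protected domain. The protected list, the confusable map and the sample message are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumed list of domains the defender wants to protect.
PROTECTED = {"paypal.com"}

# Characters that many UI fonts render alike. DNS names are case-insensitive,
# so "paypaI.com" and "paypai.com" are the same registration; folding is
# therefore applied to the lowercased host.
CONFUSABLE = str.maketrans({"i": "l", "1": "l", "0": "o"})

def skeleton(host: str) -> str:
    """Lowercase the host and fold look-alike characters to one representative."""
    return host.lower().rstrip(".").translate(CONFUSABLE)

def registrable(host: str) -> str:
    """Naive last-two-labels extraction (assumption: no multi-label suffixes)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify(url: str) -> str:
    """Return 'genuine', 'lookalike:<brand>' or 'other' for a link target."""
    host = urlsplit(url).hostname or ""
    domain = registrable(host)
    if domain in PROTECTED:
        return "genuine"
    for brand in PROTECTED:
        if skeleton(domain) == skeleton(brand):
            return f"lookalike:{brand}"
    return "other"

def scan_links(body: str) -> dict:
    """Classify every http(s) link found in a message body."""
    return {u: classify(u) for u in re.findall(r"https?://[^\s\"'<>]+", body)}

# Constructed sample message, modelled on the notification described above.
SAMPLE = (
    'Your account is temporarily suspended. '
    '<a href="http://www.paypaI.com/login">Restore access</a> '
    'or read <a href="https://www.paypal.com/help">help</a>. '
    'Unsubscribe: http://example.org/u'
)

if __name__ == "__main__":
    for url, verdict in scan_links(SAMPLE).items():
        print(f"{verdict:22} {url}")
```

Because the comparison runs on the lowercased host, the check does not depend on how the sender capitalised the link text.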

History

Paypai was first active in mid-2000. It sent account holders of PayPal bogus payment receipt notifications, mimicking those sent by PayPal, indicating that the account holder had received a large payment and directed recipients to paypai.com through a link in the message. [1] [2]

The site, paypaI.com, was an exact replica of the HTML source code and images that PayPal uses on its home page. While devious, this was not difficult, since the HTML and images are downloaded for display whenever a user visits a website. The site was registered with Network Solutions to a "Birykov" in South Ural, Russia. [1] [2]

At the time, MS Sans Serif, a font similar to Arial that rendered capital "i" and lowercase "L" almost identically, was the default font in the address bar on most Windows applications. When Windows XP was released in 2001, Tahoma became the default; Tahoma places serifs on the capital "i" to easily distinguish it from lowercase "L". [citation needed]

Paypai scams resurfaced in 2011, [3] 2012, [4] 2017, and 2020. [citation needed]

Related Research Articles

Bitstream Vera: Typeface series from Bitstream

Vera is a digital typeface superfamily with a liberal license. It was designed by Jim Lyles from the now-defunct Bitstream Inc. type foundry, and it is closely based on Bitstream Prima, for which Lyles was also responsible. It is a TrueType font with full hinting instructions, which improve its rendering quality on low-resolution devices such as computer monitors. The font has also been repackaged as a Type 1 PostScript font, called Bera, for LaTeX users.

A micropayment is a financial transaction involving a very small sum of money and usually one that occurs online. A number of micropayment systems were proposed and developed in the mid-to-late 1990s, all of which were ultimately unsuccessful. A second generation of micropayment systems emerged in the 2010s.

Phishing: Form of social engineering

Phishing is a form of social engineering and a scam where attackers deceive people into revealing sensitive information or installing malware such as viruses, worms, adware, or ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim navigates the site, and traverses any additional security boundaries with the victim. As of 2020, it is the most common type of cybercrime, with the FBI's Internet Crime Complaint Center reporting more incidents of phishing than any other type of computer crime.

Tahoma (typeface): Humanist sans-serif typeface

Tahoma is a humanist sans-serif typeface that Matthew Carter designed for Microsoft Corporation. Microsoft first distributed it, along with Carter's Verdana, as a computer font with Office 97.

.tk: Country code top-level domain for Tokelau

.tk is the Internet country code top-level domain (ccTLD) for Tokelau, a territory of New Zealand in the South Pacific.

Chicago (typeface): Sans-serif typeface

Chicago is a sans-serif typeface designed by Susan Kare for Apple Computer. It was used in the Macintosh operating system user interface between 1984 and 1997 and was an important part of Apple’s brand identity. It is also used in early versions of the iPod user interface. Chicago was initially a bitmap font; as the Apple OS’s capabilities improved, Apple commissioned the type foundry Bigelow & Holmes to create a vector-based TrueType version. The typeface is named after the U.S. city of Chicago, following the theme of original Macintosh fonts being named after major world cities.

Email fraud is intentional deception for either personal gain or to damage another individual using email as the vehicle. Almost as soon as email became widely used, it began to be used as a means to defraud people, just as telephony and paper mail were used by previous generations.

Lottery scam: Fraud pretending to be a lottery

A lottery scam is a type of advance-fee fraud which begins with an unexpected email notification, phone call, or mailing explaining that "You have won!" a large sum of money in a lottery. The recipient of the message—the target of the scam—is usually told to keep the notice secret, "due to a mix-up in some of the names and numbers," and to contact a "claims agent." After contacting the agent, the target of the scam will be asked to pay "processing fees" or "transfer charges" so that the winnings can be distributed, but will never receive any lottery payment. Many email lottery scams use the names of legitimate lottery organizations or other legitimate corporations/companies, but this does not mean the legitimate organizations are in any way involved with the scams.

Homoglyph: Different glyphs which are visually similar

In orthography and typography, a homoglyph is one of two or more graphemes, characters, or glyphs with shapes that appear identical or very similar but may have differing meaning. The designation is also applied to sequences of characters sharing these properties.

The internationalized domain name (IDN) homoglyph attack is a way a malicious party may deceive computer users about what remote system they are communicating with, by exploiting the fact that many different characters look alike. For example, the Cyrillic, Greek and Latin alphabets each have a letter ⟨o⟩ that has the same shape but different meaning from its counterparts.

Lucida Grande: Humanist sans-serif typeface

Lucida Grande is a humanist sans-serif typeface. It is a member of the Lucida family of typefaces designed by Charles Bigelow and Kris Holmes. It is best known for its implementation throughout the macOS user interface from 1999 to 2014, as well as in other Apple software like Safari for Windows. As of OS X Yosemite, the system font was changed from Lucida Grande to Helvetica Neue. In OS X El Capitan the system font changed again, this time to San Francisco.

Trebuchet MS: Humanist sans-serif typeface family

Trebuchet MS is a humanist sans-serif typeface that Vincent Connare designed for Microsoft Corporation in 1996. Trebuchet MS was the font used for the window titles in the Windows XP default theme, succeeding MS Sans Serif and Tahoma. Released free of charge by Microsoft as part of their core fonts for the Web package, it remained one of the most popular body text fonts on webpages as of 2009.

Geneva (typeface): Neo-grotesque sans-serif typeface

Geneva is a neo-grotesque or "industrial" sans-serif typeface designed by Susan Kare for Apple Computer. It is one of the oldest fonts shipped with Macintosh operating systems. The original version was a bitmap font, but later versions were converted to TrueType when that technology became available on the Macintosh platform. Because this Macintosh font is not commonly available on other platforms, many users find Verdana, Microsoft Sans Serif or Arial to be an acceptable substitute.

DejaVu fonts: Open-source Unicode fonts

The DejaVu fonts are a superfamily of fonts designed for broad coverage of the Unicode Universal Character Set. The fonts are derived from Bitstream Vera (sans-serif) and Bitstream Charter (serif), two fonts released by Bitstream under a free license that allowed derivative works based upon them; the Vera and Charter families were limited mainly to the characters in the Basic Latin and Latin-1 Supplement portions of Unicode, roughly equivalent to ISO/IEC 8859-15, and Bitstream's licensing terms allowed the fonts to be expanded upon without explicit authorization. The DejaVu fonts project was started with the aim to "provide a wider range of characters ... while maintaining the original look and feel through the process of collaborative development". The development of the fonts is done by many contributors and is organized through a wiki and a mailing list.

Segoe is a typeface, or family of fonts, that is best known for its use by Microsoft. The company uses Segoe in its online and printed marketing materials, including recent logos for a number of products. Additionally, the Segoe UI font sub-family is used by numerous Microsoft applications, and may be installed by applications. It was adopted as Microsoft's default operating system font, and is also used on Outlook.com, Microsoft's web-based email service. On August 23, 2012, Microsoft unveiled its new corporate logo typeset in Segoe, replacing the logo it had used for the previous 25 years.

A spoofed URL involves one website masquerading as another, often leveraging vulnerabilities in web browser technology to facilitate a malicious computer attack. These attacks are particularly effective against computers that lack up-to-date security patches. Alternatively, some spoofed URLs are crafted for satirical purposes.

Microsoft Sans Serif: Neo-grotesque sans-serif typeface

Microsoft Sans Serif is a sans-serif typeface introduced with early Microsoft Windows versions. It is the successor of MS Sans Serif, formerly Helv, a proportional bitmap font introduced in Windows 1.0. Both typefaces are very similar in design to Arial and Helvetica. The typeface was designed to match the MS Sans bitmap included in the early releases of Microsoft Windows.

Website spoofing is the act of creating a website with the intention of misleading readers that the website has been created by a different person or organization. Normally, the spoof website will adopt the design of the target website, and it sometimes has a similar URL. A more sophisticated attack results in an attacker creating a "shadow copy" of the World Wide Web by having all of the victim's traffic go through the attacker's machine, causing the attacker to obtain the victim's sensitive information.

A scam letter is a document, distributed electronically or otherwise, to a recipient misrepresenting the truth with the aim of gaining an advantage in a fraudulent manner.

Credit card fraud: Financial crime

Credit card fraud is an inclusive term for fraud committed using a payment card, such as a credit card or debit card. The purpose may be to obtain goods or services or to make payment to another account, which is controlled by a criminal. The Payment Card Industry Data Security Standard is the data security standard created to help financial institutions process card payments securely and reduce card fraud.

References

  1. Knowles, William (July 22, 2000). "Scam artist copies PayPal Web site". Information Security News mailing list archives. SecLists.Org. Retrieved February 18, 2012.
  2. Sullivan, Bob (July 24, 2000). "PayPal alert! Beware the 'PaypaI' scam". ZDNet UK. Retrieved February 18, 2012.
  3. Mustaca, Sorin (February 12, 2011). "Old tricks, new language: 'Paypai' in German". TechBlog. Avira GmbH. Archived from the original on March 4, 2012. Retrieved February 17, 2012.
  4. MinnieApolis (January 27, 2012). "New Twist on PayPaL Phishing is from PayPaI (with an i)". Newsvine. Retrieved February 17, 2012.