PayPaI
   HOME

TheInfoList



Click Here for Items Related To - PayPaI
OR:
PayPaI on:   [Wikipedia]   [Google]   [Amazon]

Paypai ( capitalised as PayPaI) is a
phishing scam Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious softwar ...
, which targets account holders of the widely used internet payment service,
PayPal PayPal Holdings, Inc. is an American multinational financial technology company operating an online payments system in the majority of countries that support online money transfers, and serves as an electronic alternative to traditional paper ...
, taking advantage of the fact that a capital "i" may be difficult to distinguish from a lower-case "L" in some computer
fonts In metal typesetting, a font is a particular size, weight and style of a typeface. Each font is a matched set of type, with a piece (a " sort") for each glyph. A typeface consists of a range of such fonts that shared an overall design. In mod ...
. This is a form of a homograph attack. The scam involves sending PayPal account holders a notification email claiming that PayPal has "temporarily suspended" their account. Instead of linking to PayPal.com, the site references in the email link to a convincing duplicate of the site at paypai.com, in the hope that the user will enter their PayPal login details, which the owner of paypai.com can then store and use.


History

Paypai was first active in mid-2000. It sent account holders of PayPal bogus payment receipt notifications, mimicking those sent by PayPal, indicating that the account holder had received a large payment and directed recipients to paypai.com through a link in the message. The site, paypaI.com, was an exact replica of the HTML source code and images that PayPal uses on its home page. While devious, this was not difficult, since the HTML and images are downloaded for display whenever a user visits a website. The site was registered with Network Solutions to a "Birykov" in South Ural,
Russia Russia (, , ), or the Russian Federation, is a transcontinental country spanning Eastern Europe and Northern Asia. It is the largest country in the world, with its internationally recognised territory covering , and encompassing one-eig ...
. At the time, MS Sans Serif, a font similar to
Arial Arial (also called Arial MT) is a sans-serif typeface and set of computer fonts in the neo-grotesque style. Fonts from the Arial family are included with all versions of Microsoft Windows from Windows 3.1 on, some other Microsoft software ap ...
that rendered capital "i" and lowercase "L" almost identically, was the default font in the address bar on most Windows applications. When
Windows XP Windows XP is a major release of Microsoft's Windows NT operating system. It was released to manufacturing on August 24, 2001, and later to retail on October 25, 2001. It is a direct upgrade to its predecessors, Windows 2000 for high-end and ...
was released in 2001, Tahoma became the default; Tahoma places serifs on the capital "i" to easily distinguish it from lowercase "L". Paypai scams resurfaced in 2011, 2012, 2017, and 2020.


See also

*
IDN homograph attack The internationalized domain name (IDN) homograph attack is a way a malicious party may deceive computer users about what remote system they are communicating with, by exploiting the fact that many different characters look alike (i.e., they ar ...


References

{{Scams and confidence tricks Social engineering (computer security) Spamming PayPal Types of cyberattacks