PayPal alert! Beware the 'PaypaI' scam

Summary: This Russian-based site looks exactly like the popular PayPal.com payment site, complete with pilfered user names and passwords

A scam artist last night created an exact replica of PayPal.com and used the fake site to attempt to pilfer user names and passwords from customers of the online payment system.

The site, deceptively named PayPai.com, was a convincing duplicate of the real thing -- but according to Network Solutions, Paypai.com is registered to Birykov in South Ural, Russia.

However, by 10.45am (Pacific Time) the copycat site was down. Meanwhile, a spokesperson for PayPal "guaranteed" that "no PayPal user will lose money as a result of this incident".

PayPal, with 2.6 million customers, is easily the largest online payment system designed to support online auction users. Customers set up accounts so they can transfer funds back and forth without having to wait for personal checks to clear or money orders to be delivered. Most customers currently pay nothing for the service, which considerably speeds up the auction buying process.

But in this case, a scam artist has apparently discovered a way to dupe PayPal users by dangling a large payment in front of them. "X.com [PayPal's parent company] has notified law enforcement of the fake site and efforts to steal password information," said spokesperson Vince Sollitto. "We have taken steps to prevent this person from withdrawing money from the PayPal system."

Not only was "Paypai.com" very convincing, but the scam artist went one step further. He or she is apparently emailing PayPal customers, saying they have a large payment waiting for them in their account.

The message then offers up a link, urging the recipient to claim the funds. But the URL displayed to the unwitting victim uses a capital "i" (I), which in many computer fonts looks just like a lowercase "L" (l).

So, when the victim clicks on that link, he or she is directed to a copycat login page that's really sitting on a British Web hosting service called "Easypost". If the victim does log in, the user name and password are sent to the scam artist. Emails to Easypost were not immediately returned.

Thursday, on a message board devoted to PayPal, several users confessed they'd been tricked into logging in but got suspicious and changed their account information soon after.

"Well colour me stupid. I read half your message [warning of the scam], then went over and checked it out. I logged in and then came back and read the rest," wrote one. "Can someone say IDIOT!! I immediately went to the real PayPal and changed my password. Oh well, silly me."

No users reported noticing any PayPal funds had actually been stolen as a result of the scam.

Armed with the user name and password, a scam artist could possibly drain a victim's PayPal account. PayPal did not immediately respond to inquiries, but both that company and Easyhost had been notified of the scam by late Wednesday, according to writers on the Internet message board.

According to one user, the enticing email read like this:

Michael Swenson just sent you money with PayPal.

Amount: $827.46

Click here to get you new account bonus! http://www.PayPaI.com/bonus

Did you know you can earn money with the PayPal Refer-a-Friend program? Go to http://www.Pay-Pal.com/specialoffers for more details.

To view your PayPal balance or other account information, log in at http://www.PayPaI.com/login
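The capital-I substitution described above can be caught mechanically. The following Python sketch is an added example, not part of the original article: it folds look-alike characters into one form and compares each link's host with a protected domain. The PROTECTED list, the character table, and the hyphen and "rn" handling are assumptions that generalize beyond the single case in the text.

```python
import re
from urllib.parse import urlsplit

# Assumption: brands to protect. Only paypal.com comes from the article.
PROTECTED = {"paypal.com"}

# Hand-picked look-alike classes (illustrative, not exhaustive). Hostnames are
# case-insensitive, so "PayPaI.com" resolves as paypai.com: fold i/l/1/| together.
GLYPHS = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o"})

def skeleton(domain):
    """Reduce a domain to a form in which visually similar names collide."""
    d = domain.lower().rstrip(".")
    d = d.replace("rn", "m").replace("-", "")
    return d.translate(GLYPHS)

def lookalike_of(url):
    """Return the protected domain this URL imitates, or None."""
    host = urlsplit(url).hostname or ""
    bare = host[4:] if host.startswith("www.") else host
    if bare in PROTECTED:
        return None  # exact match: the genuine site
    for brand in PROTECTED:
        if skeleton(bare) == skeleton(brand):
            return brand
    return None

def flag_links(text):
    """List (url, imitated_domain) for every suspicious link in a message body."""
    hits = []
    for url in re.findall(r"https?://[^\s<>\"']+", text):
        brand = lookalike_of(url)
        if brand:
            hits.append((url, brand))
    return hits

# Message body as quoted in the article.
EMAIL = (
    "Michael Swenson just sent you money with PayPal. Amount: $827.46 "
    "Click here to get you new account bonus! http://www.PayPaI.com/bonus "
    "Did you know you can earn money with the PayPal Refer-a-Friend program? "
    "Go to http://www.Pay-Pal.com/specialoffers for more details. "
    "To view your PayPal balance or other account information, "
    "log in at http://www.PayPaI.com/login"
)

if __name__ == "__main__":
    for url, brand in flag_links(EMAIL):
        print(f"{url} is not {brand} but looks like it")
```

A flagged link means only that the host is not the protected domain yet collapses to the same skeleton; the hyphenated address in the message is flagged for review on that basis.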


Topics: Security
