PayPaI
{{short description|Phishing scam impersonating PayPal}}
PaypaI is a phishing scam, which targets account holders of the widely used internet payment service, PayPal, taking advantage of the fact that a capital "i" may be difficult to distinguish from a lower-case "L" in some computer fonts. This is a form of a homograph attack.
The scam involves sending PayPal account holders a notification email claiming that PayPal has "temporarily suspended" their account. Instead of linking to PayPal.com, the site references in the email link to a convincing duplicate of the site at paypai.com, in the hope that the user will enter their PayPal login details, which the owner of paypai.com can then store and use.
History
Paypai was first active in mid-2000. It sent account holders of PayPal bogus payment receipt notifications, mimicking those sent by PayPal, indicating that the account holder had received a large payment and directed recipients to paypai.com through a link in the message.{{cite web |url=http://seclists.org/isn/2000/Jul/119 |title=Scam artist copies PayPal Web site |last1=Knowles |first1=William |date=July 22, 2000 |work=Information Security News mailing list archives |publisher=SecLists.Org |access-date=February 18, 2012}}{{cite web |url=http://www.zdnet.co.uk/news/security-management/2000/07/24/paypal-alert-beware-the-paypai-scam-2080344/ |title=PayPal alert! Beware the 'PaypaI' scam |last1=Sullivan |first1=Bob |date=July 24, 2000 |work=ZDNet UK |access-date=February 18, 2012}}
The site, paypaI.com, was an exact replica of the HTML source code and images that PayPal uses on its home page. While devious, this was not difficult, since the HTML and images are downloaded for display whenever a user visits a website. The site was registered with Network Solutions to a "Birykov" in South Ural, Russia.
At the time, MS Sans Serif, a font similar to Arial that rendered capital "i" and lowercase "L" almost identically, was the default font in the address bar on most Windows applications. When Windows XP was released in 2001, Tahoma became the default; Tahoma places serifs on the capital "i" to easily distinguish it from lowercase "L".{{Citation needed |date=April 2024}}
Paypai scams resurfaced in 2011,{{cite web |url=http://techblog.avira.com/2011/02/12/old-tricks-new-language-%E2%80%9Cpaypai%E2%80%9D-in-german/en/ |title=Old tricks, new language: "Paypai" in German |last1=Mustaca |first1=Sorin |date=February 12, 2011 |work=TechBlog |publisher=Avira GmbH. |access-date=February 17, 2012 |archive-date=March 4, 2012 |archive-url=https://web.archive.org/web/20120304165244/http://techblog.avira.com/2011/02/12/old-tricks-new-language-%E2%80%9Cpaypai%E2%80%9D-in-german/en |url-status=dead }} 2012,{{cite web |url=http://minnieapolis.newsvine.com/_news/2012/01/27/10251572-new-twist-on-paypal-phishing-is-from-paypai-with-an-i |title=New Twist on PayPaL Phishing is from PayPaI (with an i) |author=MinnieApolis |date=January 27, 2012 |work=Newsvine |access-date=February 17, 2012}} 2017, and 2020.{{citation needed|date=January 2022}}