Scam alert...
interactive.wsj.com
July 21, 2000
Scam Artist Copies Web Site
Of Payment Service PayPal.com
By BOB SULLIVAN
MSNBC
A scam artist has created an exact replica of PayPal.com, and appears to
be using the fake site to pilfer user names and passwords from customers
of the online-payment system.
The site, deceptively named PayPai.com, is a convincing duplicate of the
real thing -- but according to Network Solutions Inc., Paypai.com is
registered to Birykov Inc. in South Ural, Romania. PayPal users should use
care while the scam is still in operation.
PayPal, with 2.6 million customers, is easily the largest online payment
system designed to support online auction users. Customers set up
accounts so they can transfer funds back and forth without having to wait
for personal checks to clear or money orders to be delivered. Most
customers currently pay nothing for the service, which considerably speeds
up the auction buying process.
But in this case, scam artists have apparently discovered a way to dupe
PayPal users by dangling a large payment in front of them.
Not only is "Paypai.com" very convincing, the scam artist goes even one
step further. He or she is apparently e-mailing PayPal customers, saying
they have a large payment waiting for them in their account. The message
then offers up a link, urging the recipient to claim the funds. But the URL
which is displayed for the unwitting victim uses a capital "I," which looks
just like a lower-case "l" in many computer fonts.
So, when the victim clicks on that link, they are directed to a copycat login
page that's really sitting on a British Web hosting service called "Easypost."
If the victim does log in, the username and password is sent to the scam
artist. E-mails to Easypost were not immediately returned.
Thursday, on a message board devoted to PayPal, several users confessed
they'd been tricked into logging in, but got suspicious and changed their
account information soon after.
"Well color me stupid. I read half your message (warning of the scam),
then went over and checked it out. I logged in and then came back and
read the rest," wrote one. "Can someone say IDIOT!! I immediately went
to the real PayPal and changed my password. Oh well, silly me."
No users reported noticing any PayPal funds had actually been stolen as a
result of the scam.
Armed with the username and password, a scam artist could possibly drain
a victim's PayPal account. But it could be worse -- in some cases, PayPal
accounts are linked to credit cards or personal bank accounts. That
information would also be available to the computer vandal.
PayPal didn't immediately respond to inquiries, but both that company and
Easyhost had been notified of the scam by late Wednesday, according to
writers on the Internet message board.
According to one user, the enticing e-mail read like this:
Michael Swenson just sent you money with PayPal.
Amount: $827.46
Click here to get you new account bonus!
paypai.com
Did you know you can earn money with the PayPal Refer-a-Friend
program? Go to pay-pal.com for more
details.
To view your PayPal balance or other account information, log in at
paypai.com;
KJC |
