A phishing scheme known as “PayPai” may be hitting your inbox right now. Ever notice how an upper-case letter “i” and a lower-case letter “L” look identical in certain fonts? The bad guys hope you don’t. Fraudsters are exploiting this visual trick to fool innocent people with fake PayPal emails that look real. These emails can be so convincing that they almost fooled me!
Unlike regular spam email, the consequences of clicking on a PayPai link can cost you time, money and privacy. Let’s review the phishing tactics used by these clever cybercriminals and some easy tips about how to spot a counterfeit email.
If you’ve never heard of phishing, or if you need a quick refresher course, the term refers to malicious emails sent by con artists to obtain your private information. The emails usually resemble official messages from legitimate companies like eBay, Amazon, online banks and, most notably, PayPal. They include links to professional-looking replica websites that ask for your passwords and use software to hack into your PC.
By phishing, cybercriminals can steal personal information such as passwords and bank account information. Sometimes, phishing websites also infect your computer with viruses or spyware.
Don’t Let PayPai Reel You In With Homographs
As phishing goes, PayPai is extra sneaky. The swindlers behind this devious scheme rely on something called a homograph. A homograph is a letter, number or symbol that looks identical to another, different character.
As we explained earlier, a capital letter “i” can be almost indistinguishable from a lower-case letter “L” in sans-serif (tailless) fonts. Sans-serif also happens to be the default font style in popular email clients like Gmail and browsers like Firefox.
I recently received a PayPai phishing email that stated my account was “limited,” and it sounded very official. It said:
“Your bank let us know that you didn’t authorize some recent money transfers between your PayPaI and bank accounts … We want to make sure that no one has logged into your account without your permission.”
The email I received included a link to the PayPai hoax site. I didn’t click the link, but I’m pretty sure it would’ve asked for my real PayPal login and password, or possibly installed some spyware. Thankfully, I was able to spot something fishy in the sender’s email address. A real message from PayPal would come from an email address like firstname.lastname@example.org, but the PayPai email originated from an address at hackneysingers.org.uk. I thought that sounded pretty darn suspicious!
That’s a trait commonly used by phishing emails. The message is often a false warning that your account has been compromised, and the writing can be polite and full of concern. The PayPai perpetrators and other “phishers” mimic the language used by the real companies. Sometimes they also steal the company’s real logo, too.
Get Them Before They Get You
One of the easiest ways to spot a phishing attempt is to look at the URL that loads in your browser. Do you see “https” in front of the website’s address? The “s” means that your connection to the website is encrypted. For an online store, online banking service or other official websites that require your personal data, the “s” should be there. Be careful if it’s just “http”.
Another red flag can be the website address itself. Is it simple, like www.eBay.com, or are there additional words, symbols and numbers? Phishing websites often include extra phrases and characters that don’t make any sense. Watch out for web addresses such as “page.@ebay.com” or “email@example.com@21.3442.1”. Foreign addresses can also tip you off. If you live in the United States, you shouldn’t be getting emails from eBay’s Hong Kong division.
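As an added example (not code from the original article), here is a small Python script that applies the two checks above mechanically: it folds the sans-serif look-alikes (capital “I”, digit “1”, digit “0”) into the letters they imitate so a homograph brand name like PayPaI is caught, and it pulls apart a link address to expose the real host hiding behind an “@” and a missing “https”. The confusables table and brand list are assumed, constructed subsets, not a complete list.

```python
from urllib.parse import urlsplit

# Look-alike characters that pass for each other in common sans-serif fonts.
# Constructed subset covering the PayPai trick (capital I for lower-case l,
# plus digit 1 and digit 0); it is not a full confusables table.
CONFUSABLES = {"I": "l", "1": "l", "0": "o"}
BRANDS = ("paypal", "ebay", "amazon")  # assumed watch-list


def fold_confusables(text):
    """Replace each look-alike with the letter it imitates, then lower-case."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in text).lower()


def spoofed_brand(text):
    """Return the brand a token imitates via homographs, or None.

    "PayPal" matches both before and after folding and is not reported;
    "PayPaI" only matches after folding, so it is flagged.
    """
    raw, folded = text.lower(), fold_confusables(text)
    for brand in BRANDS:
        if brand in folded and brand not in raw:
            return brand
    return None


def url_red_flags(url):
    """List the warning signs the article describes for a link target."""
    flags = []
    parts = urlsplit(url if "://" in url else "http://" + url)
    if parts.scheme != "https":
        flags.append("not https")
    # Everything before the last '@' in the authority is user info; the browser
    # connects to whatever follows it, which is how a link like
    # "email@example.com@21.3442.1" hides its real host.
    userinfo, at, hostport = parts.netloc.rpartition("@")
    host = hostport.split(":")[0]
    if at:
        flags.append(f"'{userinfo}' before @ hides real host {host}")
    brand = spoofed_brand(host)
    if brand:
        flags.append(f"host {host} is a homograph of {brand}")
    return flags


if __name__ == "__main__":
    for sample in ("PayPaI", "PayPal", "paypa1"):
        print(sample, "->", spoofed_brand(sample))
    for link in ("http://PayPaI.com/limited", "page.@ebay.com",
                 "email@example.com@21.3442.1", "https://www.paypal.com"):
        print(link, "->", url_red_flags(link) or ["no red flags"])
```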
More Safety Tips
#1. A good way to protect yourself from phishing is to enable the spam filters on your email account. You should also make sure that your computer has anti-virus software and a firewall that are up to date.
#2. For added safety, increase the security settings in Safari, Firefox, Google Chrome and Internet Explorer – and you can even change the browser’s default font to Times New Roman, Courier New or Tahoma, which should make PayPai’s capital “i” stick out like a sore thumb.
#3. Remember that legit websites like PayPal and eBay will NEVER send you email attachments. They won’t ask for your personal data or financial info in an email, either. These sites will ask you to log in first and, in some cases, request answers to your personal security questions (e.g., “What was the name of your first pet?”).
#5. If you’re not greeted by name, there’s a good chance it’s a fraud. The PayPai message didn’t greet me at all, but phishing emails will frequently begin with vague salutations like “Hello Member” or “Dear User.” Bear in mind that even if it includes your name, it could still be fraud. But the absence of a personalized greeting is a distinct warning sign.
#6. When in doubt, just don’t click any links in an email. Instead, quit your browser, open it again and type the website address yourself in a brand new window. So if you do supposedly have a “limited account” in PayPal, don’t click the link in the email – go to PayPal directly by typing https://www.paypal.com. If there’s actually something wrong with your account, you’ll be notified about it on the site directly after you log in.
It’s also a very good idea to familiarize yourself with privacy policies of websites like PayPal, eBay, Amazon and online banking sites. Almost any legit professional website you can join will have a Help section that describes the company’s email policy. You can find out when and why they might contact you, what kind of user info they might request via email and – most importantly – what they will never send you or request over email.
Sites like PayPal and eBay also offer their own specialized tips and warning signs about fraud. These companies encourage you to contact their customer service and report any phishing, hacking attempts or other forms of cyber crime associated with their name. You should also submit a report to Scambook.
So if you get a “PayPal” email that seems irregular or unexpected, check that “l” before you open any links! Don’t lose money, time or sanity over a sans-serif homograph.
PayPai is Fraud with a capital F.