From Wikipedia, the free encyclopedia
Jump to: navigation, search
This article is about a phishing scam. For the legitimate payment system, see PayPal.

Paypai (capitalised as PayPaI) is a phishing scam, which targets account holders of the widely used internet payment service, PayPal, using the fact that a capital "i" may be difficult to distinguish from a lower-case "L" in some computer fonts; a so-called homograph attack. It sends PayPal account holders a notification email, saying "PayPal temporarily suspended your account".


Paypai was first active in mid-2000. PayPal then sent account holders a notification email when they received payments. Spam was sent out, mimicking these payment notifications and indicating that the account holder had received a large payment and directed recipients to through a link in the message.[1][2]

The site,, was an exact replica of the HTML source code and images that PayPal uses on its home page. While devious, this was not difficult, since the HTML and images are downloaded for display whenever a user visits a website. The site was registered with Network Solutions to a "Birykov" in South Ural, Russia.[1][2] The site was quickly shut down.[citation needed]

At the time, MS Sans Serif, a font similar to Arial that rendered capital "i" and lowercase "L" almost identically, was the default font in the address bar on most Windows applications. When Windows XP was released in 2001, Tahoma became the default; Tahoma places serifs on the capital "i" to easily distinguish it from lowercase "L".

Paypai scams have resurfaced in 2011 and 2012.[3][4]

See also[edit]


  1. ^ a b Knowles, William (July 22, 2000). "Scam artist copies PayPal Web site". Information Security News mailing list archives. SecLists.Org. Retrieved February 18, 2012. 
  2. ^ a b Sullivan, Bob (July 24, 2000). "PayPal alert! Beware the 'PaypaI' scam". ZDNet UK. Retrieved February 18, 2012. 
  3. ^ Mustaca, Sorin (February 12, 2011). "Old tricks, new language: “Paypai” in German". TechBlog. Avira GmbH. Retrieved February 17, 2012. 
  4. ^ MinnieApolis (January 27, 2012). "New Twist on PayPaL Phishing is from PayPaI (with an i)". Newsvine. Retrieved February 17, 2012.