Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
The Internet

Fake PayPal Site 134

CharlieG writes: "Just a friendly warning as a followup to all the PayPal talk of yesterday. It seems that there is a scam going on based out of South Ural, Romania. They have created a site that looks exactly like Paypal, but is PayPai.com." Much more harmful than all the Slashdot typo sites (those only cause me to get dozens of flames a week for framing Slashdot: this one could actually steal your credit card!)
This discussion has been archived. No new comments can be posted.

Fake PayPal Site

Comments Filter:
  • by Anonymous Coward
    Because the interest they earn on holding your money for two days...generates alot of money.. There is additional hold on that money, if the payee (seller) wants a check sent, instead of having that money direct deposited in an individuals bank account. Think about it... Overnight lending rates are about 12% ...... the fee that MC/VISA charges is around 3.5 % ... Amex is around 4.2 % .... It seems that PayPal generates 3 times the amount of profit!!! What a racket
  • A friend tried to talk me into using it to send him money for the computer he built me. But I looked at the site and was pretty suspicious. How can they charge my credit card $2500 and give him $2500 -- when credit card companies always charge a commission??? Ads certainly can't pay for all that.

    The only thing I can think of is they share all kinds of personal information with all kinds of evil companies. I sent my friend a check.
  • Still doesn't make sense. The CC fee is like 2-5% FLAT OUT -- not APR. They get that much per transaction. The overnight lending rate would be like 12% APR, right?

    So they'd only get a tiny fraction of a percent in interest per day, but still have to pay out 3-5%.
  • Looks like sIashdot.org isn't registered yet. Is anyone bored enough to put up something cool?


  • Some elite kid is probally going to get some free porn off using your account

    Dammit. Someone else always takes the good ideas... I guess I'll just stick to the free sites.

    I give whoever did it credit for creativity though...

  • GoogIe.com [googie.com] is also taken... watch out for them fake searches. (actually, it looks nothing like Google [google.com], and the name is probably just a coincidence... but WTF is a "googie"?)
  • Actually, MS-NBC is not down (as far as I can tell). Rather, the page keeps reloading in the background, appending "&cp=1" or somesuch to the URL,about once every four seconds. I think it's because Junkbuster snips the cookies. If I have Javascript enabled, I get to see the URL growing in the Location: field. If I have it disabled, it just looks like the page is taking forever to load, but careful observation of the status line on the bottom of the screen reveals that browser is ping-ponging between two webservers with a period of about 4 seconds.

    Same thing happens on the last MeSs-NBC article I tried to read. I figure if they're site is broken, I'm not in a hurry to fix it for them.

  • s/they're site/their site/


  • Should MS grab mlcrosoft.com?

    No, that'd be MICROS~1.COM

  • I wonder if these people could arrested for fraud in Romania. I don't know but Pay Pal move quickly so no one gets hurt.
  • You can also use http://www.x.com/ [x.com] to get there too .. saves typing in paypal, paypai .. or whatever.

    www.paypal.com redirects to www.x.com anyway.

  • Thanks for pointing out my goof. I forgot that Rumania is the old spelling.

    To summarize: while long known as Rumania, and so spelled on independence from the Ottoman empire in 1859, the official spelling has been Romania since around 1945. It took until the 1960s for many Western references to be updated.

    The spelling Rumania is believed to be a reflection of the name for Rome and Romans in Turkish (Ottoman) dialects, and as such, some modern Romanians actually find it offensive. (Whoops.) But the Roman origin is also considered controversial, and may be more legend than fact.

    It's described in much more detail [hungary.com] than anyone on /. may care to know ...

    The designation of Rumania (Roumania, Romania) is a more sensitive issue. It is related to the whole question of historical claims concerning the origin and destiny of Rumania in Eastern Europe. As such it is also directly tied to the emergence of the Rumanian people as a self-conscious, state-building community. It is controversial, because historical claims to Transylvania are based on prior settlement, which in turn depends on whether or not present-day Rumanians are recognized as descendants of Trajan's Romans who conquered the Dacians in A.D. 106. Those who do not accept the Daco-Roman theory of Rumanian continuity are more likely to spell the national designation with a "u."

  • Not getting interest sucks, but on the other hand the user doesn't have to pay credit card access fees, so for me it comes out about even. This is as opposed to the state of Illinois, which will let you pay your taxes by credit card but charges you for the privilege.

  • Jesus trolls? That's a new one.
  • What's PayPal?
  • Actually, I saw that by going to paypai... oops paypal.com. Just making that comment because I have idea what was meant by "all the talk of yesterday about Paypal" as I didn't see any.
  • ...is always the user. No matter how good security is, people always fall for 'go here and type in your password'.


  • > On the other hand, it's pretty smooth. And maybe this will help break down the widespread confusion between address and content that everyone complains about whenever the TLD fiasco comes up.

    Heh heh heh. Someone needs to set up a c0rinthians.com to route unsuspecting soccer fans back to the religious materials.

  • > I think all those hackers out there could punish sites like this by breaking in and trashing them.

    Yeah, and steal all the credit card numbers while they're at it.

    That way the hacker can enjoy an expense-paid vacation to Hawaii, and the scammers will get locked in the honky for it.

  • Yeah - I did. I just copied it into the form poorly. (Look at the long line *sheepish grin*)
  • Did anyone else notice the graphic next to the article claiming that the FTC lists online auctions as the #1 source of complaints about Internet fraud?

    First, what does that have to do with the PayPaI article?

    Second, isn't that a story in and of itself?

  • It's not PayPaI, that's for sure!
  • Folks, I know the Urals are in Russia - It was a quick cut and paste job from the MSNBC site. I should have put in the (sic) but I didn't.


  • Useful for what?


    "You can't shake the Devil's hand and say you're only kidding."

  • paypao, paypak, paypap
    Why, one could make a beowuli clustei.

  • And who's to say that an international court would carry the same protection that an American court would. Most countries could care less about copyright and trademark law. Just look at the pirating problem in China. Certainly the UN has no problem with ignoring American interests.

    Why not just have a group of hackers that goes vigilante and goes after the bad guys. Ruin their credit ratings, put their picture in the FBI Ten Most Wanted lists, etc. Or maybe I'm just watching too much A-Team.

  • I don't get it. Saying that they're giving away up to $10 for every new recruit, and then going on to comment that they "might actually make a profit"? Unless they start selling their services to businesses, who would willingly pay to have this automate their various money operations, they're not gonna turn a profit right now just by giving cash away.

    They hope to act like a real bank, and hope that people keep a balance in their accounts.

    Paypal would make interest on the balance, their customer's wouldn't, and if the aggregate balances are enough, PayPal makes a profit.

  • An E-money site that let's you buy things with an online account, or your credit card.

    Sign up now and get $5.00.

    Say you got referred and the referree gets $5.00.

    This is a web based business that might actually make a profit.

  • Remeber the old AMI bios password screens?
    I made a gwbasic program to mimic that for one of
    my teachers. I put it on a 360K disk for her 386. Booted up. She put in the bios password. Then of course, it asked again. Simple write out of the chars till it got to 13(enter). Bang, wahlah, u got a password.

    Granted, it got me banned from computers at the school when a "friend" ratted on me. Lesson learned: trust no one. hmmm, why am i telling you this again?
  • Better yet, stick it in a frame or new window that turns off the URL window and fool even more people.

    I remember going to newgrounds.com(note spelling), and ended up getting a ton of pop-up ads wanting to steal the thundering popularity of newgrounds.com

    There's also hanspring.com, but that's more of a joke.
  • I meant to type newgruonds.com

  • dude! u stole my +1! :)

    yes i know what time it is..no i have nothing better to do
  • With lucida font...the difference is about
    a pixel in height.

    In fact, I cannot tell the difference.

    What evil trickery :D

  • Interesting you mention this.

    What is the legality of nullrouting a specific
    address or network block. Although we may
    have our reasons...are those actions (even if
    the intent is good natured) protected from

    I believe the Rebel spam system is going through
    such a contest of justice currently...

    If someone takes the law into thier own hands...
    and dispenses justice... would this vigilante
    be safe from prosecution?

    Really I guess it comes down to whose right is it
    to police the internet. Is it the justice
    system in the region they connection from? Is
    it our right as administrators to dispense

    Mind you, on a weekly basis, as an administrator
    I dispense justice for actions that in some
    cases are legally wrong...but these wrongs will
    never see a courtroom. (Usually with the
    termination of the offenders account).

    Whose right is it and who is protected?
  • It's that bastard Signal 11! Or is it Signai 11? Signal II? SignaI ll? Exploiting the L/l/I/i/|/1 similarity is among the lowest of the low. You should be ashamed of yourselves.
  • why bother, just make a CGI that databases MSIE cookies from people when they visit your site...then plug them in your browser and use those...

  • Sea Monkeys are not a scam! I resent that!

  • Yep, definitelly not a romanian name but a russian one. But what you can expect from M$N an M$-nbc. Remember: the M$-Earth spins the other way around and the Ural mountains (which divide europe and asia) are in romania (like 2000km away).

  • Although I don't really know how they make their money one night I came up with this idea.

    Say in one day paypal transfers $5,000 (not unreasonable... I believe it is actually a lot more)... people leave the money at paypal for a while because they just do... if I had money at paypal I'd leave it there... paypal can then get interest off of that money I would assume. And that would be a lot of interest. Granted they would have to get other money somewhere but that would be a good source of money. According to the article there are 2.6 million users. If everybody has $1 in there account then that's 2,600,000 dollars... at even 2% interest that's a lot of money... even accumulated monthly...

  • Finally a site that should be slashdotted gets it... :) Way to win one for the little people!
  • Here again we have further evidence that the internet needs a global court system of some kind to allow justice of some sort to be served in instances like this. Wouldn't the United Nations be the perfect establishment for some sort of review panel or judicial board regarding internet law?
  • Ok. It might say PayPaI Inc.
  • If you are fooled by the difference between an I and an l in the domain name, there is no reason that you wouldn't also be fooled by the same when presented with information about the security.
  • Don't forget the move to kick out the Vatican, who everybody recognizes as a state. Any world government that's going to be kicking out members because the member state is nonviolently advocating a policy position (pro-life) is an institution that shouldn't be given any real power.

  • The romanian consulate in Chicago has been notified. Who knows, they may even make a statement and demand a retraction (I hope so)

  • The local name for Romania is.... Romania.

    The history of the name comes from New Rome
    Roma = Rome
    nia = neo = new

    Basically, Romania is what's left of a heavily colonized Roman province after the troops pulled out.

  • To be more accurate, the ov ending indicates a possible slav connection. Given the totality of the situation, my bet is Bulgaria

  • If you're posting from the US, call up your nearest consulate and ask them to request a retraction.

  • Actually, I wasn't joking. The company I'm working for is actually pitching the new consulate in Chicago so they know me a bit.

  • Your etymological construction would change new rome (roma + nia) to land of the romans (roman + ia) and is a difference without much of a distinction. There's a longstanding linguistic shoving match over the whole issue mostly provoked by hungarians who are still pissed about the treaty of Trianon which broke hungarian power over transylvania and allowed them to attach to Romania in 1918.

    As for the location of the original province of Dacia, the archeological evidence is pretty clear that it was in present day Romania. If you have an unbiased source otherwise, feel free to post.

    Your further claims that "it is thought that... Romanians moved there from somewhere else" are very fevered dreams distilled from irredentists. The 'somewhere else' theories never seem to get their stories straight and the locations are pretty varied as to where Romanians supposedly came from. The fact that latin based languages survive in former Roman provinces is no surprise and their common ancester is also a no-brainer, it's latin!

  • Why is this redundant when i was the first person to post that it was down (see the message number)

    I think slashdot needs to have a crash course in moderation for new moderators (those randomly chosen).

    That message was not redundant for those who click "read more" and check comments before going to the sites themselves.

  • First of all, I'm glad that no one has reported being ripped off yet.

    But the idea of chamaeleons has always interested me. I remember back in grade 9 or something I wrote a cheesy QBasic program that mimicked the old Novell login screen (the one with the blue background and huge IBM in white blocks). It looked just like you were logging in, but then it would report some falsified network error and request that you try another machine.

    Granted, initially it was running from my account, but after getting the first account saved in a handy-dandy text file, I ran it from there. I'm sure if we had better sys-admins they could've tracked me.. but oh well... I remember getting the typing-teachers password about 8 times in a row as they tried to figure out what the network error was!

    Don't believe everything you (think you) see :-)

    (ONly barely On topic, I know)
  • 'Whe muh haha muh!"

    no - there's some sounds with 'b' in there.

  • Is to have domain names be a combination of characters that don't resemble each other. The set could consist of {smiley face, boot, crescent moon, a dog head, a tulip, a sword, tic-tac-toe board, crown}.

    Of course, we'd need more. This would also eliminate all problems with domain trademark disputes.
  • Hmm, weird that I didn't check this first, but GeekIife.com is also available for any enterprising scammer hoping to grab some Geeklife.com email logins and passwords.
  • Soooooo... it's South Ural, RUSSIA, actually... Oh, well, gotta remember, I'm reading Slashdot :)
  • Seriously, anybody who doesn't inspect all of their bills for errors doesn't deserve to have a credit card. Heck half the people in the USA don't even deserve credit cards to begin with. Credit may offer wonderful benefits, but most people are too ignorant to harness and control them and, instead, abuse them.
  • Don't forget about hotmial.com. If you send an email to there (at any user name, I believe) instead of the hotmail.com, you get a handy reply telling you you've made a typing error, but would you like to visit our porn site, thanks! If they forwarded your email to the intended recipient @hotmail.com, then that would be pretty spiffy.
  • Yeah, but the people who aren't paying attention to url's probably aren't reading /. either.
  • South Ural here most probably just means SU, or Soviet Union. Registration information definitely suggests someone who knows last years russian Net folklore.
  • How did the racist nonsense get +2?
    -1 Troll / Flambait if you ask me.


  • How come that would be spam? That wouldn't really be nice thing to do.
    when everyone gives everything,
  • Looks like the site has already shut down.

    If it was a clean scam though they've already cleared out any logs of what accounts they have. Pay Pal users beware. Some elite kid is probally going to get some free porn off using your account.
  • Follow the link to the article, and read!

    I wasn't claiming any knowledge of geography, but merely quoting msnbc.com; talk to them, I couldn't care less.

    Incidentally, how was my post (#11) Redundant? Anyone, please point me to the earlier post that said what I did. Please.
    pb Reply or e-mail; don't vaguely moderate [ncsu.edu].
  • by SEE ( 7681 )
    Well, given that they have started to sell premium services to buisnesses....

    Also, they make money on interest. When you've been paid via PayPal, but have yet to transfer the money to you own bank account, it sits in PayPal's accounts, and they get the interest on it. Add a bank-like normal rate of "abandoned" accounts with some cash in them, the fact that the bonuses can be written as customer acquisition/marketing expenses, and a plan to eventually abandon the bonuses when the customer base grows sufficiently....

    It doesn't seem they'll turn a profit soon, but it does look like a plausible buisness model.
    Steven E. Ehrbar
  • Their scam has nothing to do with making people type in the URL, they just need people to click the hyperlink in the email they've been spamming people with. Then they arrive at the paypai site, which basically looks like Paypal. Sorry for pointing out the obvious...
  • First off, I don't think the MSNBC columnist was saying they WERE in Romania. He said their registration data SAID they were in Romania, which, based on the name "South Ural", was pretty unlikely.

    (I did check to see if there was a city like "Ural" in Romania, anyway. Mapquest says no.)

    Second, it could be his confusion (or somebody else's along the line) between RUssia and ROmania (whose local name is RUmania). I've see people assume RU = Rumania all the time. Two letter country codes [netscape.com] are easy to confuse.

    Third, what Russian or Rumanian would use the English word "South" in their city name anyway? If they really lived there they would have registered it as "Yuzhniyuralsk" or something like that. No, this registration address info is about as bogus as saying "123 Easy St., Anywhere, USA".
  • What's up with this?

    > whois paypai.com

    Whois Server Version 1.1

    Domain names in the .com, .net, and .org domains can now be registered
    with many different competing registrars. Go to http://www.internic.net
    for detailed information.

    Domain Name: PAYPAI.COM
    Registrar: EASYSPACE LTD
    Whois Server: whois.easyspace.com
    Referral URL: www.easyspace.com
    Name Server: NS1.EASYPOST.COM
    Name Server: NS3.EASYPOST.COM
    Updated Date: 18-jul-2000

    >>> Last update of whois database: Fri, 21 Jul 00 03:09:41 EDT whois paypai.com@whois.easyspace.com
    No match for 'PAYPAI.COM'.
  • I don't get it. Saying that they're giving away up to $10 for every new recruit, and then going on to comment that they "might actually make a profit"? Unless they start selling their services to businesses, who would willingly pay to have this automate their various money operations, they're not gonna turn a profit right now just by giving cash away.

    (Personally, I wish the referral bonus was still $10.)
  • You just reinvented banking. Quick, patent it!

  • IlIlIlIlIlIlIIllIlIIllIIlIllIllIllIlllIIIllII


    See? The point is not that people will *make* a typo, but that they won't recognize a wrong URL.
  • sites down..anyone gotta mirror?

    sorry..couldnt resist :)
  • This attempt at stealing user's PayPal logins points up a very disturbing point:

    How many of us use just *one* login/password combination for every free site under the sun?

    A smart-but-unscrupulous fella (or gal, be fair) could open a web site with a wonderful little gimmie or gimmick, provide the service, then look through their *user-supplied* password/user name pairs and try them at more *interesting* sites like PayPal, myMortgage.com, PornoPreview.com, 401K.org, BankMe.com or even *gasp* Slashdot.

    Just a warning to search yourself carefully, and stop using that one secret password that no one would ever guess in a million years: A secret password that you've entered anywhere is no longer a secret.
  • www.PayPal.com



    for somereason this fooled people b/c the emails were sent in italics.

  • Okay, this is definitely bad. Fraud and theft. Debases society, robs us of the civility that lets us act like humans, spreads paranoia and hatred.

    On the other hand, it's pretty smooth. And maybe this will help break down the widespread confusion between address and content that everyone complains about whenever the TLD fiasco comes up. Maybe it will call attention to the need for encrypted site certificates. Maybe it will get people -- and software -- to pay more attention to fake links, like this one to goatse.cx [jesus.org].

    - Michael Cohn
  • It was mentioned under the Finding the right online credit card merchant [slashdot.org] story from yesterday.

  • http://slashdot.com [slashdot.com]
    http://zanyantics.com [zanyantics.com]
    http://slashdork.org [slashdork.org]
    http://smashdot.org [smashdot.org]
    http://crashdot.org [crashdot.org]
    http://splashdot.org [splashdot.org] //not set up yet...
    http://splashdot.org [trashdot.org]
    http://hashdot.org [hashdot.org]
    http://slapdash.org [slapdash.org]
    http://slashnot.org [slashnot.org]
    http://slashrot.org [slashrot.org] //not set up yet...
    http://slashpot.org [slashpot.org]
    http://slashbot.org [slashbot.org]
    http://hotgrits.org [hotgrits.org]
    http://slashroot.org [slashroot.org]
    http://slashback.org [slashback.org]
    http://smokedot.org [smokedot.org]
    http://crackdot.org [crackdot.org]

    Those are the ones I've found so far anyways...
  • Assuming these guys even had SSL certificates protecting www.paypai.com, people should have verified them. If people would start verifying the details in the SSL certificates (i.e. just look for the details in this case) nobody would be fooled. Just seeing the "lock" icon in the browser isn't an indication of security. Sadly, this is way over the heads of the common folk. Perhaps a dialog box should pop up that displays all the security details of a SSL-enabled site.
  • Not really a new issue, though -- many typewriters did without a 1 (numeric one) key for years: if you needed a 1 (numeric one) you typed l (alpha lower-case L).

    Side note: knowing this adds an interesting element to the following e.e. cummings poem:






    Note the interesting ambiguity created by the character that may be either alpha or numeric.

    Pretty cool.

  • you ned to use
    whois paypai.com@whois.easyspace.com
    to get the entire info
  • I blame font designers. Why in the world would you design a font where I, l and 1--that's the capital letter I, the lowercase letter l and the number 1--look so similar to each other? MS Sans Serif is to blame for most Windows users, but I'm sure other OSes have their own culprts.

    Now it's not just a matter of phonetic problems, as in corinthians.com vs. corinthiao.com, but apparently we now have to lump "visual phonic" problems into the mix.

  • Exactly why I always keep my status bar displayed. Hate sites that turn it off for me, it's that whole shite happening behind your back stuff that really gets me....

    Unfortunately even that doesn't always work. A few lines of JavaScript can put any text you want in the status bar, including a faked URL. You'd have to right-click the link to make sure it's really what it says it is, or look at the source. Or, turn of JavaScript altogether.

    "Better dead than smeg."

  • I would say that the legality is: If you're an ISP, probably just if you nullroute something, your customers might get mad but can't really sue you. Unless maybe you intentionally messed with a site's DNS so that your customers went to a fake site that seemed to be the real thing? Ha, sort of like what paypai.com did, but on a DNS level.

    Really though, I doubt you'd ever see this taken to court. Even the RBL is only just now being (possibly) challenged in court, and that's much more likely to ever see legal action than some private nullroute you implement on your own network.


  • I think it's time for every network admin out there to nullroute this bitch straight away. Wow, how super evil.

    Definitely not something to inspire general confidence in interent commerce either. You decide if that's a bad thing:)


  • In the recent domain hijackings that I think Slashdot linked, the actual trail of countries involved was pretty crazy and widespread. These guys know how to conceal themselves pretty well, they're not dumb enough to actually give their real country, etc, to netsol. If I was them I'd for sure give Romania or somewhere like that, cause some people will just go "oh well they're operating out of there because it's hard to catch them" and give up, which may be just what they want. The people could really be hoveled up in new jersey or whatever.

    On the other hand, Russia is definitely ground zero for credit card scams right now.


  • This is probably covered under existing laws, but they aren't going to stop scam artists like this guy. I am not saying Paypal should have anticipated this at all, that would be hard, but imagine if they HAD anticipated it, they would have saved so much hassle by spending an extra few bucks.

    Although they wouldn't get all this publicity...


  • Wait a second... Ural is in Russia! And Birykov (from "Birykov Inc.", the owner of Paypai.com) appear to be a russian name (but i'm not sure) - anyway, it is NOT a romanian name. Damn Network Solutions... they eat whatever you give them...
  • "X.com has notified law enforcement of the fake site and efforts to steal password information. We have taken steps to prevent this person from withdrawing money from the PayPal system. It is important to note that user credit card and bank account information CANNOT be viewed by people accessing the system even if they have the correct login code and password. Most importantly, NO PayPal user will lose ANY money as a result of this incident. X.com will absolutely guarantee that."
  • by Otto ( 17870 ) on Friday July 21, 2000 @08:10AM (#916066) Homepage Journal
    Before it died I got a good look at the source. I also logged in using a paypal account I made with no credit card info or cash in it or anything, so no problems there. :)

    Anyway, all the login info was routed through paypai.com, then it returned the paypal.com webpage. Worked essentially like a proxy, but probably logged the passwords. But the front end of the page was copied directly from paypal.com and had the paypal references changed to go to paypai.

    Interesting method of attack. I wonder if this is going to become more common. Makes you wonder how you can secure against this kind of scam from the viewpoint of the website designer. Okay, admittedly, if you can get a user to give out a password, he's boned, but still.

  • by generic-man ( 33649 ) on Friday July 21, 2000 @05:18AM (#916067) Homepage Journal
    Read the article. They sent out e-mails with the domain name containing a capital "I" (which looks a lot like a lowercase "l" in most fonts, especially the sans-serif fonts that companies like AOL use by default). Click the link, and you're presented with a PayPal look-alike. Log in, and your username (just your e-mail address) and password are forwarded to the phony site.
  • by Cylix ( 55374 ) on Friday July 21, 2000 @05:26AM (#916068) Homepage Journal
    Don't worry about it... looks like the slashdot
    effect already took care of the problem.

    All we have to do is keep a quick link at /.
    on hand to make sure they don't get back up.
    By the time our loyal crowd of slashdot readers
    get tired of constantly crushing...er revisiting
    the deciteful paypal site they will be out of

  • by Cylix ( 55374 ) on Friday July 21, 2000 @05:37AM (#916069) Homepage Journal
    Remember the fuss a while ago about the Network Solutions' license
    agreement concerning domains. (The one that says they are free to do
    nearly anything, include reposses your children and pets.)

    Has anyone ever tried contacting the registar of a domain and report
    such fraudulent abuse of a domain name. Network Solutions is fairly quick
    about protect mother corporate.

    Although PayPai.com uses something named EasySpace, I am sure the power
    of being a domain registar has already corrupted those in charge there
    and they would be more than insanely happy to be Registar cops.

    Will it soon be, Registar to the rescue? Instead of going through the
    proper authorities...especially when the business in question is located
    in some far off land or a floating oil rig with no internet law.
  • Is this so that Lucky Charms can have their url contain purple horseshoes, blue diamonds, green clovers, etc...
  • by Duxup ( 72775 ) on Friday July 21, 2000 @05:25AM (#916071) Homepage
    Well since:
    "They have created a site that looks exactly like Paypal"

    I guess you could go to paypal.com and pretend you're getting scammed. I just did, and I'm pretty pissed off and calling my credit card company right now.
  • by Duxup ( 72775 ) on Friday July 21, 2000 @05:51AM (#916072) Homepage
    I'm going for the full effect, I'm pretending I'm getting scammed, and I'm pretty pissed off. I'm going to call my credit card company right next.
  • by GeekLife.com ( 84577 ) on Friday July 21, 2000 @05:39AM (#916073) Homepage
    Hey, SIashdot.org and .com are still available for any one trying to grab some slashdot passwords out there. Boy, that'd be useful.

    NetworksoIutions.com [networksoiutions.com] on the other hand is taken, though not by anything useful.
  • by mr.ska ( 208224 ) on Friday July 21, 2000 @05:20AM (#916074) Homepage Journal
    Whoever is responsible for paypai.com didn't think things through too thoroughly, did they?

    First, they used a lure that was not only false, but that could be readily verifiable by the user. Big chunk o' cash waiting? I'll go see! Hmm, not there... uh oh! Using a less-effective lure (please click here to be removed from the paypaI.com mailing list) would not have generated as many hits, but would have kept him under cover much longer.

    I also think it was a bit untidy of him/her to use paypai.com as the main site. Personally, I look at the URL quite a bit. Seeing "paypai" would set me off instantly. Instead, he/she could have used something else, like "login.paypalcom.net" or even "welcome.to/paypal", and one might just assume they're expanding their service and changing server names (like Hotmail likes to do a lot).

    Even better (if it's possible), after recording the login and password, it could have spat the user to a "login failed" page with a "please try again" link, or maybe "server error, please try a different server [boo.hoo], sorry for the inconvenience" page, that then redirected the user to the REAL PayPal site.

    I have to admit - as illegal and unethical as this scam was, it was a fairly bright idea. Good thing for PayPal users that they didn't think it all the way through.

  • by drenehtsral ( 29789 ) on Friday July 21, 2000 @05:12AM (#916075) Homepage
    Yeah, i've been getting spammed by somebody who's got an address at hotmaiI.com and they are trying to do the same sort of thing. What they are doing is abusing the fact that a lot of GUI based users run their systems with all-but-unreadable proportional spaced slick fonts, and a capitol 'I' is often only one pixel different from a little 'l', and often their font anti-aliasing smoothes that out to a 25% tone difference on one pixel, and who'd be the wiser...
    I happened to notice this because i use a high contrast decent-sized courier font on my machine, and i run PINE in an KDE terminal window, so it stuck out like a sore thumb.
    As always the user is the weakest link in security...
  • by BMonger ( 68213 ) on Friday July 21, 2000 @05:29AM (#916076)
    Here's a mirror for PayPai.com. Just go to http://www.paypal.com [paypal.com]. :)

Machines that have broken down will work perfectly when the repairman arrives.