PayPaI

PayPaI is a phishing scam that targets account holders of the widely used internet payment service PayPal. It takes advantage of the fact that a capital "i" may be difficult to distinguish from a lower-case "L" in some computer fonts. This is a form of homograph attack.

The scam involves sending PayPal account holders a notification email claiming that PayPal has "temporarily suspended" their account. Instead of pointing to PayPal.com, the links in the email lead to a convincing duplicate of the site at paypai.com, in the hope that the user will enter their PayPal login details, which the owner of paypai.com can then store and use.
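The following check is an added example, not part of the original article: it shows how a mail filter could flag links whose domain only differs from a protected domain by look-alike glyphs. The confusables map, the protected-domain list, the function names and the sample email are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: a small hand-picked map covering the pair discussed on this page
# (capital I / lowercase l) plus two common digit swaps; not the full Unicode table.
CONFUSABLES = str.maketrans({"i": "l", "1": "l", "0": "o"})
PROTECTED = {"paypal.com"}  # assumed list of domains to protect

def skeleton(domain: str) -> str:
    """Case-fold (DNS ignores case), then collapse look-alike glyphs."""
    return domain.lower().rstrip(".").translate(CONFUSABLES)

def registrable(host: str) -> str:
    """Naive last-two-labels heuristic; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify(url: str) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for one URL."""
    host = urlsplit(url).hostname or ""
    dom = registrable(host)
    if dom in PROTECTED:
        return "legitimate"
    if any(skeleton(dom) == skeleton(good) for good in PROTECTED):
        return "lookalike"
    return "unrelated"

HREF = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.I)

def scan_email(html: str):
    """Classify every href found in an HTML email body."""
    return [(url, classify(url)) for url in HREF.findall(html)]

# Constructed sample body, not a real message.
SAMPLE_EMAIL = (
    '<p>Your account has been temporarily suspended.</p>'
    '<a href="http://www.PayPaI.com/login">Restore access</a> '
    '<a href="https://www.paypal.com/help">Help</a>'
)

if __name__ == "__main__":
    for url, verdict in scan_email(SAMPLE_EMAIL):
        print(f"{verdict:10} {url}")
```

Because the comparison is done on the case-folded, glyph-collapsed form, the verdict does not depend on which font the recipient's mail client or address bar uses.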

History
Paypai was first active in mid-2000. It sent PayPal account holders bogus payment receipt notifications that mimicked those sent by PayPal. The messages indicated that the account holder had received a large payment and directed recipients to paypai.com through a link in the message.

The site, paypaI.com, was an exact replica of the HTML source code and images that PayPal uses on its home page. While devious, this was not difficult, since the HTML and images are downloaded for display whenever a user visits a website. The site was registered with Network Solutions to a "Birykov" in South Ural, Russia.

At the time, MS Sans Serif, a font similar to Arial that rendered capital "i" and lowercase "L" almost identically, was the default font in the address bar on most Windows applications. When Windows XP was released in 2001, Tahoma became the default; Tahoma places serifs on the capital "i" to easily distinguish it from lowercase "L".

Paypai scams resurfaced in 2011, 2012, 2017, and 2020.