http://www.msnbc.com/news/435937.asp Scam artist copies PayPal Web site -- Convincing duplicate is PayPai.com The only clue that this web page is a clever fake of PayPal is the URL: www.PayPai.com. By Bob Sullivan -- © MSNBC July 21 — A scam artist has created an exact replica of PayPal.com, and appears to be using the fake site to pilfer usernames and passwords from customers of the online payment system. The site, deceptively named PayPai.com, is a convincing duplicate of the real thing — but according to Network Solutions Inc., Paypai.com is registered to Birykov Inc. in South Ural, Romania. PayPal users should use care while the scam is still in operation. PAYPAL, WITH 2.6 MILLION customers, is easily the largest online payment system designed to support online auction users. Customers set up accounts so they can transfer funds back and forth without having to wait for personal checks to clear or money orders to be delivered. Most customers currently pay nothing for the service, which considerably speeds up the auction buying process. But in this case, a scam artists has apparently discovered a way to dupe PayPal users by dangling a large payment in front of them. Not only is “Paypai.com” very convincing — the scam artist goes even one step further. He or she is apparently e-mailing PayPal customers, saying they have a large payment waiting for them in their account. It then offers up a link, urging the recipient to claim the funds. But the URL which is displayed for the unwitting victim uses a capital “I,” which looks just like a lower-case “l” in many computer fonts. So, when the victim clicks on that link, they are directed to a copycat login page that’s really sitting on a British Web hosting service called “Easypost.” If the victim does log in, the username and password is sent to the scam artist. E-mails to Easypost were not immediately returned. Thursday, on a message board devoted to PayPal, several users confessed they’d been tricked into logging in, but got suspicious and changed their account information soon after. “Well color me stupid. I read half your message (warning of the scam), then went over and checked it out. I logged in and then came back and read the rest,” wrote one. “Can someone say IDIOT!! I immediately went to the real PayPal and changed my password. Oh well, silly me.” No users reported noticing any PayPal funds had actually been stolen as a result of the scam. Armed with the username and password, a scam artist could possibly drain a victim’s PayPal account. But it could be worse — in some cases, PayPal accounts are linked to credit cards or personal bank accounts. That information would also be available to the computer vandal. PayPal did not immediately respond to inquiries, but both that company and Easyhost had been notified of the scam by late Wednesday, according to writers on the Internet message board. According to one user, the enticing e-mail read like this: Michael Swenson just sent you money with PayPal. Amount: $827.46 Click here to get you new account bonus! http: //www.PayPaI.com/bonus Did you know you can earn money with the PayPal Refer-a-Friend program? Go to http: //www.Pay-Pal.com/specialoffers for more details. To view your PayPal balance or other account information, log in at http: //www.PayPaI.com/login ------------------ Stay Cool...
http://www.msnbc.com/news/434192.asp PayPal no friend to scam victims Yahoo! users bilked of $10,000 by fake hard drive auctions,while third-party online payment firm offers no protection By Bob Sullivan -- MSNBC July 18 — In the past three weeks, dozens of Yahoo! auction customers were cheated of at least $100 each by a scam artist selling computer hard drives. Most had used a third-party payment company named PayPal, which advertises itself as the safe and secure way to make payments in online auctions. So the victims were shocked to learn that PayPal — the largest auction payments system, with 2.6 million users — offered them none of the built-in consumer protection familiar to credit card users. THE TROUBLE STARTED in late June, when a Yahoo user identifying himself as “harddrives4sale” began auctioning off four drives every day for about two weeks. He urged auction winners to use the PayPal service, saying he would get his money faster and thus could deliver the hard drivers faster. At least 50 sent the money via PayPal; none received the hard drives. Since there is no mechanism to stop payment or contest charges against their PayPal accounts, the victims have no prospects for getting back their money. “This guy found a weakness in the system and exploited it,” said Sam Johnson, who was cheated out of $418. Johnson has set up a Web page where victims of the scam artist have collected their complaints and discussed strategy. A big part of their discussion: Why isn’t PayPal offering victims some kind of relief? When asked for help, victims got this reply: “PayPal is not an escrow service, and cannot protect buyers from sellers with illegal or unsavory business practices.” PayPal, which began facilitating payments between auction buyers and sellers in November, has enjoyed stellar success, and was acquired by online banking firm X.com in March. Not only has the company signed up 2.6 million users, but it’s even become the most popular payment service used on eBay, dwarfing the auction site’s own rival service, Billpoint. PayPal works like this: Users open an account and fund it with credit card deposits, personal checks, or by receiving payments from others. Then, account holders can pay auction sellers instantly with PayPal funds. That’s a big advantage — the most frustrating part of the online auction business for sellers is waiting for payments to arrive via snail mail and then waiting for personal checks to clear. What’s more, the service is free, so merchants can accepts credit card payments without paying a transaction fee. ‘THEY SENT THAT PERSON MONEY’ But while sellers love the speed of the service and the security of knowing a check won’t bounce, buyers don’t have the built-in safety net offered by credit cards. The company makes clear in its terms of service that it’s not a bank or escrow service and has no legal obligation to help users who are cheated out of money. In fact, the company’s terms of service even predicts the possibility: ”[PayPal] does not ensure the quality, safety, or legality of the merchandise received, nor that the seller will even ship the merchandise.” Vince Sollitto, a spokesperson for PayPal, said his firm has shut down the scam artist’s account already and is investigating the incident. Sollitto said PayPal changed its company policy on Friday to allow victims who filled their accounts with credit card funds to pursue refunds through their credit card companies — though he said the policy change had nothing to do with this Internet scam. But users who fund transfers purely with cash balances in their accounts will still have no recourse. “Well, they sent that person money,” he said. “Our terms of use are quite clear. You asked us to send money to another person. We encourage you to know to whom you are sending money and why.” RIPE FOR ABUSE? And since there’s no way to stop payment or contest charges against their accounts, the PayPal system is ripe for fraud, according to Ken Owens of Twentyninepalms, Calif. He lost $191 in the scam. “I’m sure [the scam artist] was hoping everybody sent money through PayPal,” Owens said. “I’m sure he read the user agreement too.” Victims who paid via a personal check sent through regular mail discovered the scam artist was using a fake address, and their checks were returned by the U.S. Postal Service. POSSIBLE LINK TO ILLINOIS SCAM As for the scam artist, he used the name “Richard Nelson” in e-mails to the victims to announce they had won their various auctions. The headers of those e-mails, as supplied to MSNBC.com by victims, suggest the e-mails originated at “AlwaysPC.com,” which is registered to a “Jay Nelson” in New Hampshire. The phone number attached to that registration has been disconnected. An alleged scam artist named Jay Nelson was charged Feb. 14 by the Illinois Attorney General’s office with failing to deliver auction merchandise to buyers and with selling pirated software. Lori Corral, spokesperson for the attorney general’s office, said there was no evidence to suggest that the harddrives4sale case and the Illinois case are related, but she confirmed that three consumers had recently filed complaints with her office suggesting a link between the two. WHO REGULATES PAYPAL? The story raises interesting questions about online payment firms like PayPal which may act like a bank, and hold money in accounts like a bank, but are not subject to federal banking regulations. Doug Johnson, senior policy analyst for the American Banker’s Association, said he thinks federal regulators will eventually treat Internet-based payment systems like banks. “I wouldn’t be surprised if the FTC or another agency does try to make sense out of this in the near future. But from a consumer standpoint, this is problematic at this juncture,” he said. Dolores Gardner, an attorney in the Bureau of Consumer Protection at the Federal Trade Commission, said many consumers are surprised they have no protection when using services like PayPal. “We’ve received a number of complaints about various companies acting as third-party facilitators of credit card transactions between buyers and sellers,” she said. Despite detailed terms of service agreements, she said, some companies haven’t done an adequate job of explaining to consumers what their rights are. “It’s not the kind of thing a consumer should have to ask about,” she said. But any future changes won’t help Richard Nelson’s victims, who are collectively out nearly $10,000 according to a tote board of victims that has been compiled. “Just when you thought you could trust the Net something like this happens,” said Tom Wight, of Agawam, Mass. “I know this is not the first time someone has been scammed over the Net, but I guess it doesn’t hit home until it happens to you.” ------------------ Stay Cool...
