Social engineering Paypal 2
21 Jan 07 Filed in: Internet

Part 2 of our look at Paypal cons
Password requests
We have all received the plea from http://www.paypal.com saying something like, "We are updating our records and need to know a password and other account details before the sun sets, else we will cancel your account." If you deal with Paypal, of course you know they never ever ask for account details outside of the website, so you would think it a no-brainer to just pass them all by. But no! Human stupidity coupled with an identical copy of the Paypal homepage makes for persuasive spam. We don't know the numbers, but enough people have fallen for it to make it common knowledge!
Copycat Paypal sites
How can you make an identical copy of Paypal, and get away with it? Easy, if your victims run an old browser like IE5. Look at my link above. Check the "a" in "pay". It uses a slightly different font from the rest of the address. That loophole has been closed by modern browser developers, but there are a few million people still on IE5 and earlier, and no doubt there are other tricks on the way for IE7 users.
Money lures - Little and often
The spammers can even con experienced internet users who are not prepared to fall for the account details request. They simply offer money, but a more realistic sum than that offered by the Nigerian spammers. Instead of $10m cheques in your name, they say you have received a payment for, say, $60, and ask you to submit your account details so they can process the deposit, or some such variation. Little sums, gently-gently requests, a moment of weakness as curiosity takes over: a great recipe to roll over another few thousand accounts.
If you clicked on the above Paypal address, it didn't take you to Paypal. (Luckily not even us satirists thought it fair game to screw with readers like that.) But we could have easily taken you to a Paypal clone, run by someone calling themselves Ivan Stroptevisich of Leningrad!
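Both tricks described above, a link whose visible text names Paypal while the target is somewhere else, and an address containing a lookalike "a", can be checked mechanically. The Python below is an added example, not part of the original post; the sample message and its `.example` hosts are constructed, and reading the odd-looking "a" as a letter from another alphabet is an assumption, since the post only says it looks different.

```python
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(s):  # lower-cased host of a URL-like string, xn-- labels decoded; "" if none
    if " " in s or "." not in s:
        return ""  # ordinary link text such as "log in"
    host = urlsplit(s if "://" in s else "//" + s).hostname or ""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not valid IDNA

def scripts(host):  # script of each letter, read from its Unicode character name
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in host if c.isalpha()}

def check_link(text, href):
    """Reasons a link is suspicious; an empty list means no finding."""
    shown, target, reasons = host_of(text), host_of(href), []
    if shown and target and shown != target:
        reasons.append("text names %s but link goes to %s" % (shown, target))
    if len(scripts(target)) > 1:
        reasons.append("host mixes scripts: " + ", ".join(sorted(scripts(target))))
    return reasons

class LinkAudit(HTMLParser):  # collects (text, href, reasons) for every <a> element
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, "", []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.findings.append((self.text, self.href, check_link(self.text.strip(), self.href.strip())))
            self.href = None

def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    return parser.findings

# Constructed sample message; the .example hosts are placeholders.
SAMPLE = ('<a href="http://paypal-clone.example/login">http://www.paypal.com</a> '
          '<a href="http://www.p\u0430ypal.example/">log in</a> '
          '<a href="https://www.paypal.com/help">www.paypal.com</a>')
```

Exact host comparison and the mixed-script test both give false positives (a missing `www.` prefix, legitimate internationalised names), and a host written entirely in one lookalike alphabet passes, so `audit(SAMPLE)` is a triage aid rather than a verdict.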
Tomorrow: How to avoid being conned




