Amazing. They didn’t want me to type my password into an e-mail, and they did want me to go to real PayPal site. So I went to real site. Took a good look at it, then returned to e-mail, which said on its lefthand side:

“Dear PayPal Member: Attention! Your PayPal account has been violated! Someone with ip address 149.225.126.87 tried to access your personal account!

“Please click link below and enter your account information to confirm that you are not currently away. You have 3 days to confirm account information or your account will be locked. Click here to activate your account.

“Thank you for using PayPal! The PayPal Team Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to” -- and they had an official looking link for me to click.

So I clicked on it. Which I shouldn’t have done, and maybe that’s where I got attempted computer hijacking and a tracking cookie. But I was curious. I was taken to a website that looked EXACTLY like PayPal official website. Remember? They had me go to real one to see how it looked. I still had real site on another screen, so I went back to it. The two sites were EXACTLY same, except for two things:

The real PayPal website recognizes my computer. It automatically welcomes me and puts up little stars that represent my password. The scam website had blank spaces for my account number and password.

Well, of course they were blank! The whole point was that I should fill in my PayPal password and account number so they could wipe out my account.

Second difference: address in window at top of scam site was not that of PayPal. It was a string of code letters and numbers.

I still had real PayPal site on another screen. I flipped back to it. The address in window at top was http://PayPal.com. The address on scam site was not.

And those were ONLY TWO DIFFERENCES. Talk about low-down, sneaky scams!

I hope I have turned you into a gimlet-eyed, suspicious person -- but only where Internet frauds are concerned.

Find the best recipe, food gift, and healthy dieting sites in Janette Blackwell’s Delightful Food Directory, http://delightfulfood.com/main.html -- or enjoy her country cooking at Food and Fiction, http://foodandfiction.com/Entrance.html

•Anti-scam rule 1: Never click on an attachment from a good friend unless you are positive friend sent it. It takes only a minute to click on “Reply” and ask friend, “Did you really send this?”

•Anti-scam rule 2: Never double-click on an e-mail attachment that contains an executable, such as an EXE, COM or VBS suffix. Once you click on it, an executable can do any sort of damage it wants. (Enough people now know this to make scammer say, “This attachment is virus-free.” If you believe that, I’ve got a nice bridge I’d like to sell you.)

•Anti-scam rule 3: Your computer CANNOT be infected by an e-mail attachment unless you click on attachment. If you simply delete suspicious message without clicking on a link or attachment, you’re okay.

REAL CHUTZPAH

It’s so awful it’s funny, but after scammers have used your stolen address to scam thousands, they have one more scam up their sleeves.This is message they sent me:

“Your e-mail account was used to send a huge amount of spam during this week. Obviously, your computer was compromised and now contains a trojan proxy server. Please follow instruction in attached text file in order to keep your computer safe.

Sincerely yours, The foodandfiction.com team.”

My first thought was, “How nice. These people are sympathetic to my problem and want to help me.” And then I thought, “Wait a minute! This message is supposedly from foodandfiction.com team. Food and Fiction, http://foodandfiction.com, is me, myself, and I, and I never sent that message.” Of course, if my e-mail address had been, say, AOL, message would have been signed, “the AOL.com team.” I might have thought dear folks at AOL were trying to help me, and I’d have clicked on that attachment. Which was of course from scammer, not AOL, and would have infected me.

•Anti-scam rule 4: Having your address stolen does NOT infect you with a virus or trojan horse. If you don’t open suspicious attachments, you are all right -- though you may want to warn your friends that they’ll be getting attachments pretending to be from you, which attachments will infect them if they open them.

Coming next: an article on hijackings and spyware.