This is a copy of an article by Joe Lavin which appeared in the May 16 ComputerEdge magazine, on page 26:
<DIR> Why I'm an Idiot and Other Tales of Internet Fraud
I never thought it would happen to me, but I fell for an Internet scam. Don't worry. It wasn't that serious. I didn't send any money to help some deposed prince get $20 million out of his country. I haven't joined any bizarre multi-level marketing plans that are somehow set in motion by me sending $50 to a stranger.
In fact, I didn't lose any money at all, but I'm still ashamed. I like to think of myself as a savvy computer user. I'm a part-time computer journalist. I used to be a computer trainer, and computers play a large role in my current job, as well. I should have known better. When that e-mail allegedly from PayPal came into my inbox, I should have deleted it. And yet I did not.
Suckered in
The subject was, "Urgent: PayPal Account Update." In my experience, whenever I see the word "urgent" in an e-mail, the message is anything but, yet I still opened it.
The graphics in the e-mail were taken straight from the PayPal web site. To make the e-mail look authentic, there was even a clever sidebar telling users, "protect your password. Never give your password to anyone." Little did I know that was exactly what I was about to do.
The body of the message read like this:
Dear PayPal User,
Today, we had some trouble with one of our computer systems. While the trouble appears to be minor, we are not taking any chances. We decided to take the troubled system offline and replace it with a new system. Unfortunately this caused us to lose some member data. Please log on to your account to make sure your information is not affected.
After that, I learned that my next two transfers would be free to make up for the inconvenience. And there was a web address for me to click on. It appeared to be a real address for PayPal, but due to the wonders of HTML mail, it linked to a different address. While the link said www.paypal.com, it was really a link to "www.paypalsys.com."
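The trick described above, where an HTML e-mail shows one address as the link text but sends the click somewhere else, is easy to check for mechanically. The following is an added example, not code from the article or from PayPal: it parses an HTML message body with Python's standard library, collects every anchor, and reports those whose visible text names a host that differs from the host in the href. The sample message is constructed for the example, with the decoy domain taken from the article's own description; anchors such as "Click here" make no host claim and are left alone.

```python
"""Flag anchors in an HTML e-mail whose visible text names a different host than the link target."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message: the first anchor shows www.paypal.com but links to a different host,
# the second shows and links to the same host, the third shows no host at all.
SAMPLE_EMAIL = """
<html><body>
<p>Dear PayPal User,</p>
<p>Please log on to your account: <a href="http://www.paypalsys.com/login">www.paypal.com</a></p>
<p>Help centre: <a href="https://www.paypal.com/help">https://www.paypal.com/help</a></p>
<p><a href="https://www.paypal.com/">Click here</a></p>
</body></html>
"""

# Visible text that reads as a URL or bare domain name, with optional scheme and path.
URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.IGNORECASE)


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the document."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None     # href of the anchor currently open, or None outside an anchor
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def looks_like_url(text):
    """True when the anchor text itself reads as a URL or domain, i.e. it makes a host claim."""
    return URL_LIKE.fullmatch(text.strip()) is not None


def host_of(text):
    """Lowercase host named in text; a bare domain gets a scheme so urlparse treats it as a URL."""
    text = text.strip()
    if "://" not in text:
        text = "http://" + text
    return (urlparse(text).hostname or "").lower()


def find_deceptive_links(html):
    """Return [(visible_text, href)] for anchors whose text names a host other than the href's host."""
    parser = AnchorCollector()
    parser.feed(html)
    deceptive = []
    for href, text in parser.anchors:
        if not looks_like_url(text):
            continue  # "Click here" and similar text carries no host claim to contradict
        if host_of(text) != host_of(href):
            deceptive.append((text, href))
    return deceptive


if __name__ == "__main__":
    for text, href in find_deceptive_links(SAMPLE_EMAIL):
        print(f"link text {text!r} but target host is {host_of(href)!r} ({href})")
```

Comparing hosts rather than whole URLs is deliberate: it also catches look-alike hosts such as a trusted domain used as a subdomain of an unrelated one, because the two hostnames still differ. On the sample message the function reports only the first anchor.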
Of course, I clicked on it. I don't know why. It's not like I use PayPal very often, so I wasn't particularly worried that my account wasn't up to date. And I should have been suspicious that PayPal would send such an e-mail. Come on, what right-minded company would admit to having trouble with its computer systems? If Wall Street had found out, it would have sent PayPal's stocks plummeting.
But I was bored, and decided that I might as well get this over with, and so I clicked on it. Once there, I was greeted with a fake site that looked just like PayPal. Absentmindedly I logged in with my PayPal password on this fake page, and was taken to another page with the PayPal logo, where I was asked for my credit card number (that's strange—I never gave them my credit card), my Social Security number (um, wait a second), and finally my mother's maiden name (hey, what the heck's going on?). I looked up at the address bar and realized I wasn't actually at PayPal. That's when it dawned on me. I had just been scammed.
Bruised Ego
What an idiot! Rarely have I felt quite so stupid. It all reminded me of a fake Modern Humorist banner ad from a few years ago that read, "Your credit card may have been stolen. Type in the number and expiration date now to find out."
Luckily, I knew enough not to give the site my credit card or Social Security numbers, but I had logged into the phony site with my password. Armed with that, the deadbeat behind this scheme could get into my PayPal account and easily access my bank account. About two minutes later, I logged into the real PayPal and changed my password. When I called up the company and sheepishly explained what I had done, the reps were quite helpful, explaining that I would be OK since I had immediately changed my password. And it seems they were right. No strange activity has taken place. A bruised ego is about all I have suffered.
....(the author explained that the per capita loss due to Internet fraud was $299 in 2002, a total of $54 million, according to FBI estimates)
It turns out that PayPal is a frequent victim of this type of fraud. The company first noticed spoofed mails like the one I got in early 2002, though by the fall it had become common enough that it was hearing from other Internet sites with similar problems.
Kevin Pursglove, senior director of communications for eBay, which now owns PayPal, admits that it can be quite a challenge to stop these spoof e-mails. "By the time we detect it, the people behind the scam have usually disappeared," he said. ISPs are usually helpful in closing down sites, but it's tough for them to do so in a timely fashion. Since the sites usually stay up for only 24 to 48 hours, it's especially difficult to catch the perpetrators.
Pursglove says that the company has worked hard to educate its users as much as possible. On its Web site and message boards, it offers the following advice. Never click on a link within an e-mail from PayPal. PayPal will never ask you to do that. Instead, you should always type www.paypal.com into your browser when asked to log in. If you're ever entering personal information for PayPal, the Web site will always be secure. The address will begin with "https" rather than "http," and a little lock will be displayed in the bottom left corner of your browser.
</DIR>
Of course, you probably know enough that you don't need to be told this. Unfortunately, it's obvious that I do need to be told.