There’s a new phishing attack targeting PayPal customers. It begins with an email like the following:
Subject: PayPal Account Review Department
Dear PayPal customer,
We recently reviewed your account, and we suspect an unauthorized transaction on your account
Protecting your account is our primary concern. As a preventive measure we have temporary limited your access to sensitive information.
Paypal features. To ensure that your account is not compromised, simply hit “Resolution Center” to confirm your identity as member of Paypel.
- Login to your Paypal with your Paypal username and password.
- Confirm your identity as a card member of Paypal
Please confirm account information by clicking here Resolution Center and complete the “Steps to Remove Limitations.”
All typos and grammatical errors are from the original email.
If someone was to click on the link provided in the email they would be taken to a hacked copy of PayPal’s site and they’d be asked to provide their bank’s name, ATM PIN code, mother’s maiden name, birth date,and social security number. All very personal information that the real PayPal doesn’t need.
So avoid traps like these by never giving out sensitive information like the above, not trusting emails you didn’t ask for, and most of all use a good antivirus package that also scans web sites for attacks such as this. Also have a look at the new version of Haute we discussed recently, available for free.
There are thousands of phishing emails such as this and over time the quality of them gets better, such as the tax scams we wrote about earlier (Australian version here, US version here) and the student phishing attack last month.