A new batch of PayPal phishing e-mails are targeting users of the payment-processing site, snatching victims by posing as critical security warnings.
The spam e-mails, from the sender "tax@ato.gov.au" and titled “Please confirm your identity,” inform recipients that their PayPal accounts have been compromised.
To solve the supposed security problem, users are told to open an attachment and “allow javascript and ActiveX to run from the bar that will pop-up, otherwise we cannot verify the information you have provided,” the security firm Sophos said.
The attachment, which looks strikingly similar to the genuine PayPal login page, asks users to input their credit card numbers, bank names, dates of birth, and billing addresses.
This is just another trick in a long line of money-hungry scams targeting the widely used payment processing site. In 2010, more than 53 percent of all malware-infested e-mails were sent under the guise of being from PayPal, according to security firm Kaspersky Lab.
Security experts warn PayPal users to avoid entering any personal information in attachments or pop-ups. “If they really have a security message for you, you’ll be able to read it via the PayPal messaging system itself,” Sophos wrote on its blog.