The research firm AppRiver is reporting a new PayPal phishing scam is making the rounds with this version using a phony security message to obtain personal identifiable information.
While spearphishing attacks have been grabbing most of the headlines lately, AppRiver researcher Troy Gill said the PayPal scam is instead casting a wide net to obtain sensitive data from as many people as possible. The supposed PayPal email informs the victim their account has been placed on a “limited” status with no activity allowed until certain information is confirmed.
The email has an HTML attachment that launches the recipient to a page where the personal data can be input, to include name, address, mother's maiden name, payment card information, Social Security number and phone number.
Gill said the HTML page is a dead giveaway that this is a scam, but an unknowledgeable person might not realize PayPal would simply direct someone to their account page.