Have you received a notification claiming that your PayPal email address has changed?
Messages like the following have been spammed out to internet users:
Subject: You have changed your PayPal email address
Attachment: Personal Profile Form - PayPal-.htm
Dear PayPal Customer,
You have added [EMAIL ADDRESS] as a new email address for your Paypal account.
If you did not authorize this change, check with family members and others who may have access to your account first. If you still feel that an unauthorized person has changed your email, submit the form attached to your email in order to keep your original email and restore your Paypal account.
Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.
If you choose to ignore our request, you leave us no choice but to temporary suspend your account.
Sincerely, PayPal Account Review Department.
Attached to the email is an HTML form (Personal Profile Form – PayPal-.htm), that requests you enter your personal information.
Of course, the email is not really from PayPal (who would never send you an HTML form via email anyway), and any information you enter will soon be in the hands of phishing cybercriminals.
PayPal is one of the most phished brands on the internet, as unlike traditional banks it has a truly global presence increasing the chances of a scammer successfully hooking a victim when they spam out their attacks en masse.
The PayPal website asks that if you receive a spoof email to forward it to their security team.
Make sure that you take care when receive unsolicited emails, seemingly from PayPal. It could be that in your haste to fix a security problem you are handing your credentials over to a criminal.