Reason to be careful if ‘PayPal’ says you have changed your email address

Reason to be careful if 'PayPal' says you have changed your email address

Have you received a notification claiming that your PayPal email address has changed?

Messages like the following have been spammed out to internet users:

PayPal phishing

Subject: You have changed your PayPal email address

Attachment: Personal Profile Form - PayPal-.htm

Message body:
Dear PayPal Customer,

You have added [EMAIL ADDRESS] as a new email address for your Paypal account.

If you did not authorize this change, check with family members and others who may have access to your account first. If you still feel that an unauthorized person has changed your email, submit the form attached to your email in order to keep your original email and restore your Paypal account.

NOTE: The form needs to be opened in a modern browser which has javascript enabled (ex: Internet Explorer 7, Firefox 3, Safari 3, Opera 9)

Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.

If you choose to ignore our request, you leave us no choice but to temporary suspend your account.

Sincerely, PayPal Account Review Department.

Attached to the email is an HTML form (Personal Profile Form – PayPal-.htm), that requests you enter your personal information.

Of course, the email is not really from PayPal (who would never send you an HTML form via email anyway), and any information you enter will soon be in the hands of phishing cybercriminals.

PayPal is one of the most phished brands on the internet, as unlike traditional banks it has a truly global presence increasing the chances of a scammer successfully hooking a victim when they spam out their attacks en masse.

PayPalTo its credit, PayPal offers advice about phishing on its website, and has even created a “Can you spot phishing?” challenge to help educate its users about the dangers.

The PayPal website asks that if you receive a spoof email to forward it to their security team.

Make sure that you take care when receive unsolicited emails, seemingly from PayPal. It could be that in your haste to fix a security problem you are handing your credentials over to a criminal.