Browse archive

Latest news

The CSO perspective on healthcare security and compliance

Cyber espionage campaign uses professionally-made malware

Form-grabbing rootkit sold on underground forums

Large cyber espionage emanating from India

Over 45% of IT pros snitch on their colleagues

U.S. DOD decides iPhones and iPads can connect to its networks

Digital Government Strategy progress and challenges

Barracuda updates web application firewall

Targeted data stealing attacks using fake attachments

New Mac spyware signed with legitimate Apple Developer ID

Thoughts on the need for anonymity

IT security jobs: What's in demand and how to meet it

Hacking charge stations for electric cars

"PayPal email address change" phishing scheme doing rounds

Posted on 25 November 2011.

PayPal users are targeted again as emails supposedly sent by the online payment company urge them to fill out a form with their personal and financial information in order to prevent the suspension of their accounts:

With "You have changed your PayPal email address" in the subject line, the sender attempts to convince the recipients that someone has accessed their account and changed the email address associated with it. To "keep the original email and restore their PayPal account", the users are required to fill out the attached Personal Profile Form - PayPal-.htm form.

In order for everything to go smoothly, the sender also "helpfully" notes that "the form needs to be opened in a modern browser which has javascript enabled (ex: Internet Explorer 7, Firefox 3, Safari 3, Opera 9)."

Unfortunately for those who fall for this scam, the submitted information gets sent directly to the phishers, points out Sophos.

As always, users are advise to ignore emails such as these - or better yet, forward them to the company's security team - and to check if anything is amiss by going to PayPal's legitimate site by typing in its URL directly into their browsers.