PayPal users are advised to be on high alert this week for a new email-based phishing attack designed to steal the login and password credentials for their Internet payment accounts.
Security software vendor Sophos over the weekend posted an advisory to thousands of account holders warning of unsolicited emails that appear to be from PayPal stating that their accounts have been "temporarily limited."
The scam email, which is just the latest hoax targeting the PayPal community, tells users that several different computers have recently tried to access their account with numerous failed password attempts.
"Until we can collect secure information, your access to sensitive account features will be limited," the bogus email reports. "We would like to restore your access as soon as possible, and we apologize for the inconvenience."
In order to "restore" access, users are advised to fill out an attached form, identified as Restore_your_account_PayPal.html.
Graham Cluley, a senior technology consultant at Sophos, makes it clear that anyone receiving this solicitation should avoid it at all costs.
"Entering your confidential information into the form is only going to pass your private data to the cybercriminals behind this spam campaign who will use it to phish your account for money and perhaps steal your identity," Cluley wrote in the blog posting.
Phishing campaigns of this type are nothing new to PayPal.
In November, the Internet payment provider pushed out a fix for a security hole in its iPhone application that successfully tricked users into logging into the service through an unsecured Wi-Fi connection, giving data thieves access to their passwords and account information.
"You may not have fallen for it (the lack of graphics in the email body make it look less convincing than some of the PayPal phishing scams we often see) but you may have other loved ones and acquaintances who would be vulnerable to an attack like this," Cluley added.