The research firm AppRiver reports a new PayPal phishing scam is making the rounds using a phoney security message to obtain personally identifiable information.
While spear-phishing attacks have been grabbing most of the headlines lately, AppRiver researcher Troy Gill said the PayPal scam is instead casting a wide net to obtain sensitive data from as many people as possible.
The supposed PayPal email informs the victim their account has been placed on a “limited” status with no activity allowed until certain information is confirmed.
The email has an HTML attachment that launches the recipient to a page where the personal data can be input, to include name, address, mother's maiden name, payment card information, Social Security number and phone number.
Gill said the HTML page is a dead giveaway that this is a scam, but an unknowledgeable person might not realise PayPal would simply direct someone to their account page.