The research firm AppRiver reports a new PayPal phishing scam is making the rounds using a phoney security message to obtain personally identifiable information.

While spear-phishing attacks have been grabbing most of the headlines lately, AppRiver researcher Troy Gill said the PayPal scam is instead casting a wide net to obtain sensitive data from as many people as possible. 

The supposed PayPal email informs the victim their account has been placed on a “limited” status with no activity allowed until certain information is confirmed.

The email has an HTML attachment that launches the recipient to a page where the personal data can be input, to include name, address, mother's maiden name, payment card information, Social Security number and phone number.

Gill said the HTML page is a dead giveaway that this is a scam, but an unknowledgeable person might not realise PayPal would simply direct someone to their account page.