14 DAY TRIAL // PayPal, one of the most popular names utilized by phishers in their malicious campaigns, is once again used to send unsuspecting internauts an email that alerts them of an account email address modification.
“You have added [EMAIL ADDRESS] as a new email address for your Paypal account,” reads the message provided by Graham Cluley. “If you did not authorize this change, check with family members and others who may have access to your account first. If you still feel that an unauthorized person has changed your email, submit the form attached to your email in order to keep your original email and restore your Paypal account.”
Once the form attached to the email is opened, the user is required to provide personal and account information that will later allow the hackers to take over the victim's assets.
To make sure people understand exactly what they have to do, the crooks even recommend a number of browsers that can be used.
“NOTE: The form needs to be opened in a modern browser which has javascript enabled (ex: Internet Explorer 7, Firefox 3, Safari 3, Opera 9).”
Like all the cleverly crafted messages, this one comes with an apology, but also with a threat.
“Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience. If you choose to ignore our request, you leave us no choice but to temporary suspend your account.”
Remember that PayPal and other organizations that handle bank accounts or online transactions, never ask for such detailed information.
Also, beware of emails that come with attachments. PayPal legitimate alerts never come with attachments and they always point to the official website instead of something that only resembles the genuine page.
Since they realized that their services are highly targeted by hackers, PayPal even issued an advisory in which they precisely explain how users should identify phishing scams.