
PayPal customers are again being targeted by a phishing scam. The integrated threat management solutions company Sophos has issued a public warning to all those who use PayPal services to stay away from e-mails that ask them to authenticate their account information. PayPal users have been receiving e-mails, disguised as coming from the company, that warn them that their account has been compromised.
Generally this is incentive enough for a user to follow the instructions included in the e-mail. Furthermore, the customers are threatened with the cancellation of their accounts if they fail to update their credit card data. In this case, the users that have apparently been victims of fraudulent activity are advised to settle the matter over the phone rather than over the Internet, which is how traditional e-mail phishing scams used to operate. Over the phone, users are greeted by an automated message that asks them to enter their 16-digit card number.
"Users that type in their card information may think they're verifying their PayPal account, but in actual fact, they're handing their details over to cyber criminals on a plate," said Graham Cluley, senior technology consultant at Sophos. "Though it's an American telephone number, the fact that PayPal is used globally means that anyone could potentially be tricked into making the call. This scam attempt underlines a real problem for online companies in how they communicate with their customers. Many users are beginning to learn to not click on links in unsolicited emails, and only visit the legitimate websites run by their favorite brands, but how many would know whether a phone number for their website is genuine or not? As hackers get smarter we are likely to see them increasingly not only set up fake websites, but 'harvest' messages from corporate switchboard systems to appear even more like the legitimate company."