Downloading and opening the attachment brings up an HTML file that mimics PayPal's "My Account" page and asks the user to enter their credit card and personal information in order to "remove the limitation" on their ability to access the account.
The e-mail itself should raise some suspicions, especially because the e-mail account from which it arrives is not one of PayPal's. In general, users would do well to remember never to follow links or download attachments from unexpected or unsolicited e-mails, and instead to go directly to the site in question by typing the URL into the browser's address bar and logging in there to check the claims made in the e-mail.
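The two warning signs described above (a PayPal-themed message from a non-PayPal sender, and an HTML attachment containing a form that asks for card data) can be checked automatically at a mail gateway. The following is an added example, not code from the original article; the accepted-domain list, the field-name hints, the finding labels and the constructed sample message are all assumptions.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser

BRAND = "paypal"
BRAND_DOMAINS = {"paypal.com"}   # assumption: sender domains accepted as genuine
SENSITIVE = ("card", "cvv", "cvc", "expir", "ssn", "password")  # assumed name hints

class FormScan(HTMLParser):
    """Counts <form> tags and records input names that look like card/personal data."""
    def __init__(self):
        super().__init__()
        self.forms, self.sensitive = 0, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        name = (a.get("name") or "").lower()
        if tag == "form":
            self.forms += 1
        elif tag == "input" and (a.get("type") == "password"
                                 or any(s in name for s in SENSITIVE)):
            self.sensitive.append(name)

def triage(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    claims = BRAND in display.lower() or BRAND in str(msg.get("Subject", "")).lower()
    genuine = any(domain == d or domain.endswith("." + d) for d in BRAND_DOMAINS)
    findings = []
    if claims and not genuine:
        findings.append("brand-sender-mismatch:" + domain)
    for part in msg.iter_attachments():
        if part.get_content_type() == "text/html":
            scan = FormScan()
            scan.feed(part.get_content())
            if scan.forms and scan.sensitive:
                findings.append("html-attachment-form:" + ",".join(scan.sensitive))
    return findings

def sample(sender):
    """Constructed test message: brand-themed mail carrying an HTML form attachment."""
    m = EmailMessage()
    m["From"], m["Subject"] = sender, "Your account has been limited"
    m.set_content("Please download the attached form.")
    m.add_attachment('<form action="https://collector.invalid/">'
                     '<input name="cardnumber"><input name="cvv"></form>',
                     subtype="html", filename="form.html")
    return m.as_string()
```

The sender check only catches a mismatched From address like the one in this campaign; a forged From header has to be caught by the SPF, DKIM and DMARC results instead.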