With "You have changed your PayPal email address" in the subject line, the sender attempts to convince the recipients that someone has accessed their account and changed the email address associated with it. To "keep the original email and restore their PayPal account", the users are required to fill out the attached Personal Profile Form - PayPal-.htm form.
Unfortunately for those who fall for this scam, the submitted information gets sent directly to the phishers, points out Sophos.
As always, users are advise to ignore emails such as these - or better yet, forward them to the company's security team - and to check if anything is amiss by going to PayPal's legitimate site by typing in its URL directly into their browsers.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.