Browse archive

Latest news

Experts highlight top data breach vulnerabilities

Commission wants to minimize U.S. IP theft economic impact

NYPD detective accused of hiring email hackers

Why BYOx is the next big concern of CISOs

Free tool repairs critical Windows configuration vulnerabilities

Guantanamo cuts off Wi-Fi access due to OpGTMO

IT pros focus on cloud security, not hype

Blue Coat to acquire Solera Networks

APT1 is back, attacks many of the initial U.S. corporate targets

Aurora attackers were looking for Google's surveillance database

U.S. DOJ accuses journalist of espionage

Find TrueCrypt and BitLocker encrypted containers and images

The CSO perspective on healthcare security and compliance

Hacking charge stations for electric cars

"PayPal email address change" phishing scheme doing rounds

Posted on 25 November 2011.

PayPal users are targeted again as emails supposedly sent by the online payment company urge them to fill out a form with their personal and financial information in order to prevent the suspension of their accounts:

With "You have changed your PayPal email address" in the subject line, the sender attempts to convince the recipients that someone has accessed their account and changed the email address associated with it. To "keep the original email and restore their PayPal account", the users are required to fill out the attached Personal Profile Form - PayPal-.htm form.

In order for everything to go smoothly, the sender also "helpfully" notes that "the form needs to be opened in a modern browser which has javascript enabled (ex: Internet Explorer 7, Firefox 3, Safari 3, Opera 9)."

Unfortunately for those who fall for this scam, the submitted information gets sent directly to the phishers, points out Sophos.

As always, users are advise to ignore emails such as these - or better yet, forward them to the company's security team - and to check if anything is amiss by going to PayPal's legitimate site by typing in its URL directly into their browsers.