With "You have changed your PayPal email address" in the subject line, the sender attempts to convince the recipients that someone has accessed their account and changed the email address associated with it.
An email notification supposedly sent by PayPal saying that an intrusion into the user's account has been detected is currently hitting inboxes around the world.
As Juliano Rizzo and Thai Duong have demonstrated on Friday, the SSL/TLS encryption used by the great majority of websites has been cracked.
Even though the FBI started serving search warrants and arresting people suspected in participating in the Anonymous' "Operation Payback" way back in January, it is only after last week's arrests that it began to be clear that the FBI is not randomly knocking on doors of people who used the PayPal site at the time of the attack.
LulzSec has been assimilated back into Anonymous, but their AntiSec campaign keeps going.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.