Forbidden Web

Apr 01, 2008

PayPal Phishing Attack
US-CERT has seen reports of a phishing attack that targets PayPal users. The attack arrives via an unsolicited email message containing an HTML attachment. The message indicates that the attachment is a verification form intended to offer the user protection from fraudulent activity. Users who open the attachment are instructed to enter their email address and PayPal password. This information is then sent to an attacker.

US-CERT encourages users to do the following to help mitigate the risks:

Install anti-virus software and keep virus signatures up to date.
Do not open unsolicited email messages.
Refer to the Recognizing and Avoiding Email Scams document for more information on avoiding email scams.
Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.