Have you received a notification claiming that your PayPal email address has changed?
Messages like the following have been spammed out to internet users:
Subject: You have changed your PayPal email address
Attachment: Personal Profile Form – PayPal-.htm
Message body:
Dear PayPal Customer,You have added [EMAIL ADDRESS] as a new email address for your Paypal account.
If you did not authorize this change, check with family members and others who may have access to your account first. If you still feel that an unauthorized person has changed your email, submit the form attached to your email in order to keep your original email and restore your Paypal account.
NOTE: The form needs to be opened in a modern browser which has javascript enabled (ex: Internet Explorer 7, Firefox 3, Safari 3, Opera 9)
Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.
If you choose to ignore our request, you leave us no choice but to temporary suspend your account.
Sincerely, PayPal Account Review Department.
Attached to the email is an HTML form (Personal Profile Form – PayPal-.htm), that requests you enter your personal information.
Of course, the email is not really from PayPal (who would never send you an HTML form via email anyway), and any information you enter…
Read more in my article on the Naked Security website.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
