US-CERT Current Activity
PayPal Phishing Attack
Original release date: April 1, 2008 at 10:22 am Last revised: April 1, 2008 at 10:22 am
US-CERT has seen reports of a phishing attack that targets PayPal users. The attack arrives via an unsolicited email message containing an HTML attachment. The message indicates that the attachment is a verification form intended to offer the user protection from fraudulent activity. Users who open the attachment are instructed to enter their email address and PayPal password. This information is then sent to an attacker.
US-CERT encourages users to do the following to help mitigate the
* Install anti-virus software and keep virus signatures up to date.
* Do not open unsolicited email messages.
* Refer to the Recognizing and Avoiding Email Scams document for
more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks
document for more information on social engineering attacks.