According to news in softpedia PayPal phishing scams are not uncommon. However, every once in a while experts notice a “flood.” The emails identified by Malwarebytes experts inform recipients of unusual activity in their accounts.
“Recently, there’s been activity in your PayPal account that seems unusual compared to your normal account activities. Please log in to PayPal to confirm your identity and update your password and security questions,” the emails read.
“To help protect your account, no one can send money or withdraw money. In addition, no one can close your account, send refunds, remove any bank accounts, or remove credit cards.”
The messages contain a link that points to a PayPal phishing website (see screenshot). The cybercriminals tell victims that they have to wait 72 hours before they get a response. This gives them enough time compromise accounts.
The phishing pages are hosted on a large number of domains, and over 500 IP addresses are associated with this particular attack.
PayPal customers are also targeted with fake “You’ve Received New Funds!” emails that purport to come from the payment processor. According to Webroot, these notifications carry a piece of malware, more precisely, a variant of the notorious ZeuS banking Trojan.