In this version, the scammers have sent out a fake PayPal notification email that warns that the security questions and answers for your account were changed on a specified date. The email advises that, if you did not authorize this change, you should contact PayPal by calling a phone number supposedly listed on a PayPal webpage.
But, to get this number, you must click a ‘Log in Now’ button. The button opens a fraudulent website designed to look like a genuine PayPal login page. If you ‘login’ on the fake page, cybercriminals can collect your login credentials and use them to hijack your real PayPal account. And, of course, even after ‘logging in’ on the fake site, you will still not get to the promised phone number. Instead, you will be automatically redirected to the real PayPal website and left none the wiser.
Keep in mind that genuine PayPal emails always address you by your full name. They will never use greetings such as ‘Hello [email address], or ‘Dear Customer’. Always login to PayPal by entering the address into your browser’s address bar or via an official app rather than by clicking a link in an email.
You can report PayPal phishing and learn more about such phishing attacks via the information published on the PayPal website.
Subject: Confirm your new Security Question and Answer
Hello [email address removed],
The security questions and answers for your PayPal account were changed on Feb 23, 2016.
If you did not authorize this change, please contact us immediately using the phone number found on the following page:
Log In Now
Last updated: March 1, 2016
First published: March 1, 2016
By Brett M. Christensen