Sophos warns of PayPal phone phishing scam

by admin July 9, 2006 at 1:01 pm

Attacks evolving as users learn not to click links

Sophos has warned of a new phishing email that tries to trick PayPal users into calling a phone number and revealing their credit card details.

The email purports to come from PayPal, and claims that the recipient’s account has been the subject of fraudulent activity.

Unlike normal phishing emails, the message contains no internet link or response address. Instead, the recipient is urged to call a US phone number and verify their details.

When the number is dialled, users are greeted by an automated voice saying: ‘Welcome to account verification. Please type your 16-digit card number.’

“Although it’s an American telephone number, the fact that PayPal is used globally means that anyone could be tricked into making the call,” said Graham Cluley, senior technology consultant at Sophos.

Full story: