11 Aug 2005, Iain Thomson, V3
Security companies are warning of a new type of phishing scam that uses decidedly low-tech methods to harvest information.
The scam starts with spam emails purporting to come from PayPal, the online payment service owned and operated by eBay.
The email warns of a hacking attack and urges customers to print out a website form with their banking details and fax it in.
The message reads: 'Dear Paypal Customer. Unauthorized person tried to reset the password from your paypal account. We would like to ensure that your account was not accessed by an unauthorized third party. Because protecting the security of your account is our primary concern, you have to complete the affidavit form. Click here to download the form. Please send a fax in the next 24 hours to [number removed] with affidavit form completed.'
The form, which is hosted on a Polish website, asks for email addresses, credit card details and PayPal passwords, and tells the recipient to fax them to a US toll-free number starting with the code 1 800.
"It's possible that some people who know that they need to be careful about entering their confidential information on a bogus website may think that completing and faxing back such a form is somehow safer," said Graham Cluley, senior technology consultant at Sophos.
"Interestingly the phishing gang may have made a huge blunder by including the fax number in their scam. PayPal and the authorities are sure to follow that lead when investigating this matter further."
Cluley added that the number had been tested and appeared to be valid. Setting up a toll-free number would be likely to leave clues for investigators.
Tracing the fax machine...
What if the fax machine is connected to the Internet (perhaps even mobile) via a VOIP service?
Posted by Anthon, 14 Aug 2005