Security experts warn of PayPal phishing scam

Security experts at Sophos have warned PayPal users to look out for fraudulent emails about 'account limitations' that attempt to harvest log-in details.

Graham Cluley, senior technology consultant at the vandor, said in a blog post that the bogus emails claim that accounts have been temporarily limited, and ask for user log-in details to remedy the 'problem'.

"Plenty of people have been targeted by an attack which uses the subject line 'Your account has been temporarily limited!', and claims to come from what appears to be an official PayPal address," he said.

"Beware opening the attached reactivation form too quickly, because you could be passing your personal information to cyber criminals."

Cluley explained that the emails use forged headers with the intention of harvesting personal and financial information from PayPal users.

The emails take a particularly devious route, claiming that the recipient's account has seen a number of access attempts, including multiple password failures.

The messages also suggest that users have managed to guess passwords and access the account, thereby necessitating that a limit be placed on the account until investigations are completed.

"Until we can collect secure information, your access to sensitive account features will be limited," reads the fraudulent email. "We would like to restore your access as soon as possible, and we apologise for the inconvenience."

Cluley also revealed that another fraudulent email is tempting Facebook users into believing that rap mogul Suge Knight has been arrested for the murder of Tupac Shakur.

Around 125,000 Facebook users have been fooled into watching a video that claims to support the 'news' which is nothing more than a mashup of a number of other reports. Cluley warned that the popularity of the false report is helping to spread the malware.

"What's most of concern to us is that scammers are exploiting the rumours to trick Facebook users into permitting a rogue application to access their profiles and post spam messages to their accounts," he said.

The spam messages, which will be picked up by friends on Facebook, link through to online surveys as a way for scammers to make money and trick more users into installing rogue applications.