Sophos has warned of a new phishing email that tries to trick PayPal users into calling a phone number and revealing their credit card details. 

The email purports to come from PayPal, and claims that the recipient's account has been the subject of fraudulent activity.

Unlike normal phishing emails, the message contains no internet link or response address. Instead, the recipient is urged to call a US phone number and verify their details.

When the number is dialled, users are greeted by an automated voice saying: 'Welcome to account verification. Please type your 16-digit card number.' 

"Although it's an American telephone number, the fact that PayPal is used globally means that anyone could be tricked into making the call," said Graham Cluley, senior technology consultant at Sophos.

Cluley said that the scam highlights a problem for online companies in how they communicate with their customers.

Many users are learning not to click on links in unsolicited emails. But an email that includes a phone number may not arouse suspicion.

"How many would know whether a phone number for a website is genuine or not? " said Cluley.

"As hackers get smarter, we are likely to see an increase in cases where they harvest messages from corporate switchboard systems to sound even more like the legitimate company."