I have gotten several spams recently, both in my personal email and at my work address, from someone trying to scam PayPal accounts. The text of the message looks like this:
Dear PayPal member,
We regret to inform you that your account is about to be expired in next five business days. To avoid suspension of your account you have to reactivate it by providing us with your personal information.
To update your personal profile and continue using PayPal services you have to run the attached application to this email. Just run it and follow the instructions.
IMPORTANT! If you ignore this alert, your account will be suspended in next five business days and you will not be able to use PayPal anymore.
Thank you for using PayPal.
Of course, the little “oggohnah” bit at the end was random, and was different in each copy of the message that I received — a classic tip-off for spam. And it contained an attachment which our anti-virus system on our email servers caught and quarantined.
IMPORTANT TIPS: No right-minded company or service is ever going to send you an attachment in order to update your account information. They are going to ask you to visit their web site. And when you do visit their web site, you shouldn’t do it by clicking on a link in the email. You should manually type the known address into your browser, or use a bookmark that you’ve saved in the past. And watch out for emails that tell you what link to go to, and be sure that it’s the real deal. Registering a domain name similar to the real one and putting up an official-looking web site is child’s play, and is a technique that fraudsters have used for years.
This applies to just about any service on the Internet where you enter personal information. Make sure you are dealing with the real thing before you enter any passwords or personal information.