An ongoing phishing campaign is targeting PayPal customers with emails camouflaged as 'unusual activity' alerts warning them of suspicious logins from unknown devices and attempting to squeeze them dry of all their credentials and financial info.
As the ESET researchers that spotted these attacks discovered, the phishers are attempting "to trick users into handing over considerably more than ‘only’ their access credentials to the payment service."
To make sure that the potential victims are scared straight and more than willing to click on the link embedded within the phishing message, the attackers say that their accounts are limited until they're secured by confirming their identity.
"Please log in to your PayPal account and complete the steps to confirm your identity. To help protect your account, your account will remain limited until you complete the necessary steps," the phishing bait emails say.
"The security of your PayPal account is a top priority for us and we want to work together to help protect it."