That's a good heads up there guy. I got one of those fraudulent emails on my work email a few weeks ago. What made me sceptical is that I don't have a paypal account. I just forwarded it to the spoof at paypal too.

Just for grins I went to the link on that fraudulent email. Boy the stuff they try to fish from you. SSN, bank account, credit cards, birthdate etc. Dangerous stuff.

Scams like this have been going on for quite some time. Its not just Paypal that is being hit with these scams, but banks, credit cards, credit unions, etc. Any entity that you do business with can be a target by these scammers/hackers.

If you receive any email for any type of account that is requesting information, verification of personal info, etc., do NOT click on the links, do not give that info out. If you have doubts, forward the email to them (paypal, bank, etc.) and let them tell you if its legit. Do not hit reply when sending the email, find the correct email address you need to send it to.

Another way to figure out where the URLs/links are actually going, is to hold your cursor over the link to see what the URL is. Most likely it will go to some URL that is not your bank, paypal, etc. Often times the correct name will be embedded somewhere in the URL, but it does not look right and has way too many characters.

Any legitimate business will not ask for any confidential information via email.

This type of scam is called "phishing."

It is a ploy to obtain personal information in order to steal your identify, credit card #s, bank account #s, etc.

If you see an email that says "Your eBay account" or whatever and you don't have an account with that company, DON'T OPEN IT!

One thing you can do to cut down on the chance of getting scammed is just put your cursor over the link and look down at your bottom task bar and see what the actual URL that displays is. Most times it will have paypal in the address somewhere but it won't be paypal.com by itself. Most times something like http:\\rideout.paypal.com\ or something similar.

That is one of the things I do besides using TrendMicro.com's email filter. It is usually very good at catching phishin and spam if you keep the definitions updated.

Phishing scams rarely greet you by name in the email. I do fraud detection for a large insurance company so I see quite a bit of it. If you get a legit email from ebay, your bank, or paypal and it is legite, it will say Dear Tom Smith, not Dear Account Member. Just one more thing to watch for. If in question, just call the company (but not a phone # given in the email).

That's a good tip MN, but one thing I've seen is where people have some variation of their name in their email address. For instance:

smith.john@example.com

Then the criminal will usually use software to expand this to "Mr. John Smith" when sending the blast in the email itself.

I usually just hold over links to verify that the linked to domain is in fact from where the email is claiming to be from as mentioned above.

Usually phishing gives links to straight ip address (192.168.0.1 for example). However this too is not fool proof. There was an exploit around in the last year to year and half that allowed masking of the true url in the status and link bar in Internet Explorer and thus Outlook. Pretty nasty...

I tend to use browser based email and Firefox:

http://www.mozilla.com/firefox/

so this is a safer strategy for me.