In a new scam, attackers are sending e-mail warnings that appear to come from PayPal, security specialist Sophos said Wednesday. These e-mails say that someone tried to reset the recipient's password and asks him or her to participate in an investigation.
The e-mails direct people to a Microsoft Word document hosted on a Web site and urges them to download the form, fill it out, and fax it to a toll-free number, Sophos said. The form asks for credit card information.
The new tactic comes as people are becomingof e-mails asking them to fill out sensitive information online, said Graham Cluley, a senior technology consultant for Sophos.
"We've seen a few attempts of this in the last few days, where phishers are trying out a new technique with people who have learned their lesson about filling out forms on a Web site," Cluley said. "They're hoping people will feel it's safer to fax back a form."
"It seems like a dumb way for the phishers to operate," Cluley added. "The authorities can easily track the phone number. But what isn't clear is whether they will get a (toll-free) number and then quickly dump it, or (whether they've) acquired the number using a false ID, or can have the calls transferred to a satellite phone somewhere outside of America."
E-mail-based phishing attempts may be getting less effective, though. As with other types of unsolicited mail, people are increasingly glossing over these messages as they troll through their inboxes, Cluley said. Phishers, as a result, are likely finding their mail-based efforts less fruitful.
"Trojans and worms are becoming more popular, because the information can be gleaned surreptitiously," Cluley said. "It's the way the trend is going."