A bait-and-switch scheme is targeting users of the financial service PayPal, according to security researchers.
A fraudulent phishing email originating in Romania is asking users to download supposed new security measures for the PayPal service. A deceived customer then downloads a trojan which modifies the DNS server of the PC and deletes itself.
"The next time the user attempts to visit the PayPal website, he or she will instead arrive at a phishing site," which asks for personal and credit card information, according to the website of WebSense, discoverer of the trojan last week.
The fake PayPal website has a section entitled, "Security measures: Are you traveling?" according to WebSense.
"PayPal is committed to maintaining a safe environment for its community of buyers and sellers," the fraudulent email reads. "To protect the security of your account, PayPal employs some of the most advanced security systems in the world, and our anti-fraud teams regularly screen the PayPal systems for unusual activity."
The PayPal site doesn't have a direct reference to the swindle, but it lists a number of tips for consumer password and email security.
"Look for a PayPal greeting," the company's site tells users. "PayPal will never send an email with the greeting 'Dear PayPal user' or Dear PayPal member.' Real PayPal emails will address you by your first and last name or the business name associated with your PayPal account."
The site also asks users to share what they believe are fraudulent attempts to obtain personal information.