Internet security experts have discovered a new phishing scam that uses voice recordings to pilfer money from PayPal accounts.
In the newest social engineering attack, identity thieves have spammed fake PayPal account compromise warnings to lure users into dialing a phone number and giving up credit card information.
Unlike normal phishing e-mails, there is no URL or response address. Instead, the e-mail urges the recipient to call a phone number and verify account details.
eWEEK confirmed that the phone number embedded in the e-mail was active and accepting credit card entries at midday on July 7.
It is a Southern California area code (805) that greets callers with the following automated voice recording: "Welcome to account verification. Please type your 16-digit card number."
The automated message simply urges users to enter credit card numbers. If incorrect card details are entered, a request for re-entry is made, further enhancing the appearance of legitimacy of the fraudulent telephone number.