Emails claiming to be from Paypal take advantage of warnings not to reply to phishing emails or click on links by asking users to fax their credit card and bank information directly to the phishers.
The emails start with the tell-tale lack of personalisation.
Dear Paypal Customer,
Unauthorized person tried to reset the password from your paypal account. We would like to ensure that your account was not accessed by an unauthorized third party. Because protecting the security of your account is our primary concern, you have to complete the affidavit form. Click here to download the form. Please send a fax in the next 24 hours to [number removed] with affidavit form completed.
"In the last few days we have seen a number of attempts by phishers to use this technique. It's possible that some people who know that they need to be careful about entering their confidential information on a bogus website may think that completing and faxing back such a form is somehow safer," said Graham Cluley, senior technology consultant at antivirus company Sophos.
But the new phishing technique may not bring the results the phishers hope for.
"Interestingly, the phishing gang may have made a huge blunder by including the fax number in their scam," said Cluley.