Phishing seems to have taken on a new and sinister twist, with e-mails that ask people to fax sensitive information to bogus security investigators. It's amazing what some people will foolishly do if asked to by an official looking e-mail, and this new scam exploits that weakness in people by the use of e-mail warnings that appear to come from PayPal, saying that someone tried to reset the recipient's password and then asking him or her to participate in an investigation. I do believe I have actually had several of these mails already, although I must confess to having got into a habit of automatically binning anything that says PayPal on it, due to the large number of phishing scams which involve this service. The e-mails lead the victim to a Microsoft Word document hosted on a website, where they are urged to download a form, fill it out, and fax it to a toll-free number.
"We've seen a few attempts of this in the last few days, where Phishers are trying out a new technique with people who have learned their lesson about filling out forms on a website," Graham Cluley, a senior technology consultant for Sophos, said. "They're hoping people will feel it's safer to fax back a form."