Users of financial service PayPal are coming under attack from a bait-and-switch scheme, according to WebSense, who discovered a trojan which modifies the DNS server of the target PC attached to a fraudulent phishing email. The mail asks users to download supposedly new security measures for the PayPal service.

"The next time the user attempts to visit the PayPal website, he or she will instead arrive at a phishing site," which asks for personal and credit card information, according to the website of WebSense, discoverer of the trojan last week.