Earlier this week I received what has to be the nastiest spam I’ve seen yet. It came from (ostensibly) “Do_Not_Reply@paypal.com” and the message “regret[ed] to inform you that your account is about to be expired in the next five business days. To avoid suspension of your account you have to reactivate it by providing us with your personal information.” In order to update your information, you are asked to run the executable attached to the e-mail. Without having been so stupid as to actually run the attached code, one can only assume that at best it is a virus, and more likely it’s a clever attempt at identity theft.
In the past couple of days, PayPal has added a link on their front page addressing these spams. Besides reminding people that they’ll never ask you to submit information through e-mail, they provide an address (spoof@paypal.com) to which they ask people to forward such spams. They claim that they will be pursuing these spams, and given the potential the company has to actually pursue some serious legal charges against those responsible, I wish them luck.