Online payment service Paypal has been the victim of a new phishing attack which manages to bypass security measures built into modern Web browsers.
Users are now being warned to be cautious when responding to, or acting upon, emails that appear to be sent from the firm.
According to the U.S. Computer Emergency Readiness Team (UCERT), the attack is also being used to target Bank of America and Lloyds TSB customers.
The unsolicited emails claim to be legitimate correspondence from Paypal but simply redirect to phishing websites.
However, unlike other malicious spam messages, the scam emails store the content of a fake website locally — allowing cybercriminals to dodge traditional spam filters.
If users offer up their information it is simply transferred from their email account directly to a PHP script on a dodgy website.
The scam was discovered by M86 security labs.
The organization said: “Users must avoid opening e-mail attachments arriving from unknown and suspicious sources. They must also avoid replying to and clicking links provided on unsolicited e-mails.”