Hi-tech fraudsters are attempting to trick PayPal users into calling a phone number and giving over sensitive credit card account information.

The tactic follows the same patterns as a recently detected "phone phishing" attack targeting customers of the Santa Barbara Bank & Trust. The attack on PayPal shows that the approach is going mainstream.

When potential marks dial the phone number, a recording requests that they type in their account number. The PayPal attack is more sophisticated than the Santa Barbara Bank & Trust because fraudsters attempt to verify the legitimacy of the account information they've tricked users into handing over. If incorrect card details are entered, a request for re-entry is made, further enhancing the legitimacy of the fraudulent telephone number.

The bogus number was still live on Friday afternoon, according to UK security firm Sophos, which discovered the scam. A graphic of the bogus email and a WAV recording of the automated voice message can be found here. ®

Related stories

• A third of dodgy emails are phishing attacks (5 September 2006)
• PayPal freezes out British user in 'terror' list snafu (18 August 2006)
• PayPal UK confirms double-dipping error (8 August 2006)
• Gmail phishing email offers $500 prize (12 July 2006)
• Say Hello to voice phishing (26 June 2006)
• Two charged with VoIP fraud (8 June 2006)
• RSA 2005 Spam gets vocal with VoIP (17 February 2005)
• VoIP security group goes on the defensive (8 February 2005)
• Phreakers will rape and pillage your mobile (22 October 2004)