Latest one seems to attach a file asking you to click on it to verify a “discrepancy” in your PayPal account..

Looks like this:

From: “PayPal”
Subject: Please Submit Your Refund Payment
Dear PayPal Customer,

During our regularly scheduled account maintenance and verification procedure we have detected a
slight error in your PayPal online account.

This might be due to the following reasons:

1. A recent change in your personal information (ie. change of address, email address)

2. An inability to accurately verify your selected option of payment due to an internal
error within our systems.

Please fill in all the details that are required to complete this verification process.

To do this we have attached a form to this email. Please download the form and follow the
instructions on your screen. NOTE: The form needs to be opened in a modern browser which has
javascript enabled (ex: Internet Explorer 7, Firefox 3, Safari 3, Opera 9)

Please understand that this is a security measure intended to
help protect you and your account. We apologize for any inconvenience.

If you choose to ignore our request, you leave us no choice but
to temporary suspend your account.

Sincerely,
PayPal Account Review Department.

Please do not reply to this e-mail. Mail sent to this address cannot be answered.
For assistance, log in to your PayPal account and choose the “Help” link in the footer of any page.

Content-Disposition: attachment filename=”Verify_Form.html”

Looks like (by reading the full header) the one I got actually was through a hijacked yahoo account from France.

Return-Path:
Received: from clevelandplayhouse.com ([209.187.80.219])
by mx.google.com with ESMTP id 27si949350qyk.90.2010.05.13.05.18.57;
Thu, 13 May 2010 05:19:07 -0700 (PDT)
Received-SPF: neutral (google.com: 209.187.80.219 is neither permitted nor denied by best guess record for domain of srvcs@ppal.com) client-ip=209.187.80.219;
Authentication-Results: mx.google.com; spf=neutral (google.com: 209.187.80.219 is neither permitted nor denied by best guess record for domain of srvcs@ppal.com) smtp.mail=srvcs@ppal.com
Received: from [208.104.18.27] by clevelandplayhouse.com [192.168.0.231] with SmartMax MailMax for angierock2001(@)yahoo.fr; Thu, 13 May 2010 08:23:07 -0400
Return-Path:
X-SmartMax-AuthUser: merlin

Unfortunately, phishing attempts will probably always happen, that is why it’s important to learn how to prevent becoming a victim of one. Do try browsing through the generous documentation PayPal offers on this matter: https://www.paypal.com/cgi-bin/webscr?cmd=xpt/Marketing/securitycenter/general/Index-outside and chose the best way to stay protected.

Basically, the bigger part of the fix is in your hands, if you follow a few simple guidelines, chances of future unauthorized access to your account go really down:
- never ever share your account private details with anybody;
- before entering information about your Paypal / bank account on the web, double check the URL, make sure it is a https one, not a simple http;
- double check the security certificate of the page asking for your account details.