PayPal users should be on the lookout for a scam email designed to install malware on their computer, security experts have warned.
The malicious email is disguised to look like an official communication from PayPal, and even appears to be sent from the address '[email protected]'.
Users who open the email, which is often sent with the subject line 'PayPal account warning', are prompted to open an attached Word document laced with malware.
The computer virus appears to only hit Windows machines, with Mac, iPhone and Android users unaffected by the virus — even if they open the fraudulent email.
It's unclear how many people have been targeted in the latest malware attack.
There are a number of different variations of the PayPal scam currently being circulated online, according to security blog My Online Security.
In one example of the malicious correspondence, the email reads: "Greetings, dear Client! We noticed a lot of frauds performed by machinations with online services of the accounts of our clients.
"Attackers obtain access to accounts by stealing login data and passwords, this may be very dangerous for your funds and our reputation, so we are asking you to perform some actions, in order to prevent fraud."
The email continues: "To protect your funds, verify please your account data. It will let us approve your post address and personal data. Also we strongly recommend to keep passwords and login data, in the safe place.
"To make your account information verified, please fill and send the next form via e-mail or via post. If you will not react on this notification, we will be forced to temporarily block your online services until you won't verify your account information,' the fraudulent email concludes."
Security experts have urged people to exercise caution if they receive the email.
The email and attached Word document should not be opened on a computer running Microsoft Windows software, experts warned.
PayPal has also spoken out about the recent spate of fraudulent emails.
One user, known as Victoria Rowlands, tweeted a message to the official PayPal social media account after receiving the malicious message.
Rowlands wrote: "@AskPayPal I have received a scam email from secure PayPal support. The contact on the back end is [email protected].
I wasn't sure where to report this to."
PayPal confirmed the email was not genuine, and pointed the user in the direction of a help page on its website that focuses on spoof and phishing emails.
In the help pages, the payment company states: "These emails use deceptive means to try and trick you, like forging the sender's address.
Often, they ask for the reader to reply, call a phone number, or click on a weblink to steal personal information.
"If you receive a suspicious email, FORWARD it to [email protected].
Our security experts can take a look to determine if it's a fake. If it is, we'll get the source of the email shut down as quickly as possible.
Reporting these emails helps protect yourself and everyone else, too."
It's unclear why users are reporting an influx in the number of fake PayPal emails.
One of the variants currently being circulated by online hackers was sent out with every recipient listed in the Carbon Copy (CC) field of the email, not the Blind Carbon Copy (BCC) box.
As a result, it is possible for everyone to see the complete list of email addresses targeted by the scammers – a major breach of data protection regulations.