PayPal email phishing, one of the oldest and most typical scams aimed at online buyers, is still successful. Given that the online holiday shopping season is peaking, cybercriminals are ramping up their efforts as well.

PayPal is an e-commerce business allowing payments and money transfers to be made through the Internet. The scam tagged to PayPal is by now familiar not just to security experts but to many reasonably savvy Internet users. It starts with a somewhat credible-looking email with the PayPal logo "acknowledging" a payment for something that the intended victim did not buy. It provides an embedded link inviting the recipient to click on it to dispute the charge. If you click on the bogus link, you will not be sent to the PayPal website but to a lookalike impostor site that records your login details, allowing criminals to steal your identity information.

Useful Information about Phishing

How to recognize phishing e-mail messages or links:

Phishing e-mail messages are designed to steal your identity. They ask for personal data, or direct you to websites or phone numbers to call where you are asked to provide personal data, which you should NOT provide. A few clues provided below can help you spot fraudulent e-mail messages or links within them.

Spear phishing e-mail messages are those in which the attacker selectively chooses the recipient (target) and usually has a thorough understanding of the target's command or organization.

How Can You Protect Yourself?

• Don't click on a link embedded in an e-mail. Open a new browser, type the vendor's website and log in from there.
• Before clicking on any link, hover over it to check the site's web address (URL). If it's Sears, for example, make sure it's really Sears.com and not something like Sears.somethingelse.com. Also check the spelling: scammers frequently register a site with a single letter different from a legitimate site.
• A legitimate PayPal e-mail will never ask for a full name, password, driver's license number, Social Security number, credit and/or debit card numbers, PIN numbers or bank account numbers. Do NOT provide them.
• A legitimate PayPal e-mail will also never contain an attachment or software update. An e-mail with either of those will likely contain spyware or a virus.

Please delete this type of e-mail if you receive it. Do not click on the link in the e-mail or respond to the e-mail in any way.

We urge all users to remain vigilant and ask that they adhere to the following best practices:

• Pay attention to the links for websites in e-mails, texts, social media or other mediums. Malicious websites may look identical to a legitimate site, but the website address may use a variation in spelling or a different domain (e.g., .com vs. .net or .gov).
• If you are unsure whether a request is legitimate, try to verify it by contacting the Agency office or employee directly. Do not use contact information provided on a website connected to the request; instead, check previous official information or statements for contact information.
• Do not reveal sensitive, personal, or financial information in an e-mail, and do not respond to e-mail solicitations for this information. This includes following links sent in e-mail.
• Don't click on e-mail attachments from unsolicited senders.
• Report any such e-mails you receive at your FSIS e-mail account immediately to the FSIS Security Operations Center (SOC) at OCIOSecurityOperationsCenter@fsis.usda.gov so they can investigate the matter further and alert other users, thereby protecting other users within the Agency.
• If you receive a suspicious e-mail that OCIO has not alerted users to, you may be asked to forward the e-mail to the SOC. Wait for their instructions on whether to forward and/or delete the e-mail you received. They will not be able to investigate the e-mail if you simply delete it.

If you have questions, please contact the FSIS Security Operations Center (SOC) at OCIOSecurityOperationsCenter@fsis.usda.gov.

Thank you,
Office of the Chief Information Officer

For lost/stolen laptop, BlackBerry or other Personal Digital Assistant (PDA) or Personally Identifiable Information (PII) incidents, immediately contact USDA at 1-888-926-2373, 24 hours a day, and then contact the FSIS Service Desk at 1(800)473-9135.

Supervisors should make a copy of this e-mail available to inspection personnel without Outlook accounts.
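
The link checks described above (Sears.com versus Sears.somethingelse.com, a single letter different, .com versus .net) can also be automated, for example in a mail-filtering or triage script. The following is an added example, not part of the original advisory; the function names, result labels and sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-letter inserts, deletes and swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url: str, trusted: str) -> str:
    """Classify the host of `url` against the vendor domain the e-mail claims."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    trusted = trusted.lower()
    brand = trusted.split(".")[0]              # "sears" from "sears.com"
    if not host:
        return "no-host"
    if host == trusted or host.endswith("." + trusted):
        return "ok"                            # the vendor's domain or a subdomain of it
    labels = host.split(".")
    if brand in labels:
        # Assumption: the registered name is the second-to-last label
        # (true for .com/.net/.gov, not for suffixes such as .co.uk).
        return "different-tld" if labels[-2:-1] == [brand] else "brand-in-subdomain"
    if any(edit_distance(label, brand) == 1 for label in labels):
        return "one-letter-lookalike"
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample links, not taken from any real message.
    for link in ("https://www.sears.com/orders",
                 "http://sears.somethingelse.com/login",
                 "http://www.sears.net/",
                 "http://www.searz.com/",
                 "https://example.org/"):
        print(f"{check_link(link, 'sears.com'):22} {link}")
```

Anything other than "ok" means the link does not lead to the vendor's own domain and should be treated as suspicious.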