PayPal phishing attack 'bypasses traditional anti-phishing tools'

The importance of email encryption and security has been underlined by reports of a high profile, ongoing phishing attack involving PayPal, Lloyds and Bank of America.

Users have been alerted to the threat by the United States Computer Emergency Readiness Team (US-Cert), which is part of the US Department of Homeland Security.

Scammers are using an unsolicited email message containing a HTML that is capable of bypassing the traditional security mechanisms used by common anti-phishing browser filters.

US-Cert has encouraged web users to take extra email security precautions to avoid falling foul of these attack, which stores malicious webpages locally rather than directing users to a phishing site via a URL.

Users have been urged not to follow unsolicited web links or email message attachments, and use caution when submitting any personal information online.

Earlier this month, US-Cert warned US citizens to be wary of the increased risk of phishing scams during the US tax season and the upcoming tax deadline.