The latest phishing scam aimed at stealing users’ personal and financial information attempts to trick the recipient into thinking the email has been sent by payments and money transfer firm PayPal, on behalf of ASDA Stores, security website Hoax Slayer reported.

The email claims that the user has made a £59.99 order to ASDA Stores Limited. It closely resembles legitimate PayPal transaction notification emails and invites users to click on a link to view the transaction details online. Users should be very cautious with such emails: this one is not from PayPal, and the transaction details are not valid. The email is definitely a phishing scam that tries to steal sensitive information.

Cybercriminals hope that at least some users will fall for the scam after they see that an unapproved transaction has been made through their account, which may make them click on the link to view more information. If they do click, they will land on a fake PayPal login page, but the website runs a script that makes it look as though the user has been logged into the account automatically. After the user is “logged in,” he or she will be invited to fill in a form that asks for their credit card, contact, and personal details. Once the details are submitted on the fake form, a “credit card is now secure” message will appear, and the website will automatically redirect users to the legitimate PayPal account. With that information in hand, the cybercriminals have all the details needed to commit identity theft and credit card fraud.

Users should know that it is always safest to log in after entering the PayPal address into the browser manually, and anyone who suspects a fake email should report it immediately to the address listed on the PayPal website.