Security experts are warning online shoppers to be on their guard, with a new scam email doing the rounds.
Users of PayPal are being targeted by a fake email purporting to be from the online payments company and suggesting that somebody has been using their account without their knowledge.
"Log into your PayPal account as soon as possible," the email reads. "We may ask you to confirm information you provided when you created your account to make sure you're the account holder. We'll then ask you to Confirm your password and security questions."
There's a link at the bottom apparently leading to the PayPal site - but instead taking the victim to a fake PayPal log-in site which then collects the user's details.
The scam is a slightly different version of another PayPal phishing scam that's been doing the rounds, claiming that the user's account is about to expire. Again, users are asked to log in through a link and hand over their security data.
"All of the information you supply on the fake website can be collected by cybercriminals and used to hijack your PayPal account and conduct fraudulent transactions," warns the Team Discovery web development agency.
PayPal says that, like other financial organisations, it won't ever send out emails asking for your full name, account password, or answers to your PayPal security questions. Nor will it request your bank account number, debit or credit card number.
It's usually possible to spot that the email's a fraud fairly easily, as the sender is usually a Hotmail or Gmail address, rather than coming from a PayPal address.
You should always check the URL at the top of the browser: it should show up as https://www.paypal.com/. The 's' in 'https' means the website is secure, as does the padlock symbol next to it.
"If you think you've received a phishing email, forward it to email@example.com and then delete the fake email from your mailbox," says PayPal.
"If you've responded to a fraudulent email and believe your PayPal account may now have been accessed, you should report the unauthorised access immediately."
You can do that here.