A recently uncovered phishing campaign, targeting PayPal users, asks victims for the complete spectrum of personal data. The campaign goes so far as asking for social security numbers and uploaded photos of their passports. PayPal has said legitimate emails will always come from a PayPal.com address and will also address customers by their first and last names. In November, a Utah eye clinic informed 20,000 patients that they were the victims of a data breach that happened a year and a half ago and linked patients to a scam involving PayPal.
Source: https://threatpost.com/active-paypal-phishing-scam-targets-ssns-passport-photos/152755/