An ongoing phishing campaign is targeting PayPal customers with emails camouflaged as ‘unusual activity’ alerts warning them of suspicious logins from unknown devices and attempting to squeeze them dry of all their credentials and financial info. ESET researchers that spotted these attacks discovered, the phishers are attempting “to trick users into handing over considerably more than only their access credentials to the payment service”” The phishers used multiple phishing domains with names designed to somewhat resemble an official PayPal site.”
Source: https://www.bleepingcomputer.com/news/security/paypal-phishing-attack-promises-to-secure-accounts-steals-everything/