Should you be nervous if someone tells you people from Poland or Romania are peeking at your bank account? Not if you receive the news via email. And here is why.
Below is a screen capture of the mail I received today. At the first look, PayPal is warning me that someone from East Europe expressed interest in my online account. One will almost believe this because the exact date and IP address of attack were provided.
However, as a phishing-sensitive online user, one has to raise questions about the validity of the mail. The best way to make sure you are not fooled is to verify if the links provided in the mail are pointing to the right web sites. The screenshot explained what I did: I moved my mouse pointer on top of the link, and the exact URL was revealed. Instead of pointing me to http://www.paypal.com, the mail is actually linking to http://paypal.com.web-scr.us, a completely irrelevant site. The judgment: this is yet another phishing mail. Forget about it!
I decided to play the phishing site a bit more, so I followed the (fake) link and see what I will get. As expected, I was asked to provide my PayPal email address and password -- I obeyed using a pair of fake address and fake password. It did not surprise me that no "incorrect password" message appeared, but hey, the next screen went one step further by requesting your credit card/debit account information (screenshot below) as "identity verification" procedure. Apparently, someone's greed is spinning out of control :-)