Thanks Memory, that is the 3rd report I have seen this year on PayPal spoofing. I think it's a good target because alot of people that use paypal aren't really security "aware". As stated in other post, I am employed by a company in the financial business from an investor/banking perspective. I would like to offer another resouce for these kinds of attacks related to finance. The FDIC provides warning and documentaion for managing IT risk and assisting prfessionals in attempting to protect customers from fraud. You may not consider it a security resource but it is. http://www.fdic.gov Check out the IT link under "Regulation and Examination" I am constanlty worrying about protecting my own corporation's assets and in additon attempting to focus on ways to protect my customers as well. I don't use PayPal like some of you might, but I have to consider another major fraud, hacking peoples bank accounts at internet kiosks. We all see them in malls and airports. Based on my experience with them. DO NOT enter any personal information at one and I try to communicate that and not just leave my customers in the dark. Inform your customers through mailing list not to use paypal etc. unless it's a direct link from your site. Protect them as much as possible, we don't want them associating their misfortune with a transaction they did with a company you represent.