Of course, the voice on the other line purporting to be PayPal customer service was in actuality across the world waiting for her to send them money to resolve the issue. But there was never any issue, and the e-mail wasn't from PayPal.
Security Firm Armorblox has published a report detailing the PayPal Credential Phishing scam, which has affected around 500 organizations.
With the initial e-mail, Armorblox notes that, "There are enough grammatical inconsistencies here to cause suspicion, but only if one stops and thinks about the email." This stresses the importance of reading "official" e-mails carefully before giving them confidential information.
They then note that the e-mail sender was not from PayPal, but SecureServer.net -- a popular domain given out by GoDaddy which allows the masking of identity.
If the user clicks the link to log-in to PayPal, what they'll find is a site that looks almost practically identical, but fake. This is a phishing attempt. A user puts their information into the form, which then sends the information straight to the scammers.
Here are a couple of recommendations to make sure your employees don't fall prone to this scam:
1) Phishing Simulations -- Make sure your employees are receiving phishing simulations, which will occasionally send them e-mails like this one, except from trusted sources who want you to learn how to identify and pick-out fraudulent e-mails.
2) Multi-factor Authorization -- If the scammers got the Indiana woman's PayPal login information, they would be all set unless she activated Multi-factor authorization. Then, because they wouldn't have access to her phone, they wouldn't have access.