The latest social engineering phishing attack is now using phones instead of fake web sites. Identity thieves have spammed fake PayPal account compromise warnings to lure users into dialing a phone number and giving up credit card information. Unlike normal phishing e-mails, there is no URL or response address. Instead, the e-mail urges the recipient to call a phone number and verify account details
If they use a throw away cell phone, it simplifies their activity.