A new fraud scam that tries to trick consumers to disclose their confidential banking information in an e-mail has targeted TD Canada Trust as well as American e-commerce firm PayPal.

In the bank's case, the scam sends recipients an e-mail that on the surface looks like a bona fide information request from TD Canada Trust. It asks for an update of customers' passwords for online banking, as well as their account numbers.

The e-mail reads: "This e-mail was sent by the Canada Trust server to verify your e-mail address. You must complete this process by clicking on the link below and entering in the small window your Canada Trust Access Card Number and Web Password."

If the user submits the requested information and clicks the "verify" button at the bottom of the form, that "small window," a pop-up box, sends the information to a server in Moscow, called bondor.infobox.ru. That address is apparently owned by one Vladimir Kuznetsov and appears to reside on a legitimate business server that may have been compromised without the owner's knowledge.

The scam is the latest incarnation of what is commonly referred to as "phishing" scams.

TD Canada Trust spokesman Jeff Keay said his bank is the fourth in Canada to be targetted by a phishing scam. Bank of Montreal was also recently targetted. Keay could not say if any TD Canada Trust customers have fallen victim to the ploy.

Keay said that his bank would never ask a customer for sensitive information by e-mail. He urged people to ignore such an e-mail request.

In the case of PayPal, a provider of online payment services that now owns online auctioneer eBay, the phishing scam takes a slightly different approach.

Users of PayPal's service are sent an e-mail telling them that their account has been "placed on restricted status" as a routine security measure. "To lift this restriction," the e-mail reads, "you need to complete our credit-card verification process." It was signed "the PayPal Account Review Department."