It's always a good idea to check the message source in these e-mails. The message headers I received looks like this:
Received: (qmail 33181 invoked from network); 30 Mar 2005 18:57:08 -0000
Received: from 220-135-80-159.hinet-ip.hinet.net (HELO brocom.com.tw) (220.135.80.159)
by falklands.globat.com with SMTP; 30 Mar 2005 18:57:08 -0000
Received: by brocom.com.tw (Postfix, from userid 0)
id 120C083633; Thu, 31 Mar 2005 02:19:53 +0000 (UTC)
To: xxxxx@davemackey.com
Subject: Update And Verify Your PayPal Account
From: service@paypal.com
Content-Type: text/html
Message-Id: <20050331021953.120C083633@brocom.com.tw>
Date: Thu, 31 Mar 2005 02:19:53 +0000 (UTC)
Really odd that PayPal would be using a company in Taiwan to send e-mail.
Further down, there is words to the following effect.
It has come to our attention that due some internet frauds some accounts have been stolen. We now must take some actions and verify all PayPal users.
However, failure to update your records will result in account suspension.
Please update your records. Once you have updated your acco unt records, your PayPal session will not be
interrupted and will continue as normal.
To update your PayPal records click on the following link:
http://www.paypal.com/cgi-bin/webscr?cmd=_login-run
Bad grammar and misspacings. And PayPal is supposed to be this big company that can afford to speek and spel rite.
Also, the URL as given doesn't even work. When moused over, the following appears:
http://84.17.228.22/www.paypal.com/login.html
When you go to the numeric IP address, you are taken to a website in Cyrillic Russian.
So we've got three countries involved. PayPal has been notified, but hopefully you spamming scumbags who are reading this who think they've got an easy mark here - WATCH YOUR SORRY BUTTS.