I just received an e-mail from PayPal, informing me that my account has been accessed and that I have three days to confirm my details or the account will be blocked. I went to the link:
and it certainly looked like PayPal's web page. All the menus worked, but then I noticed something odd. The link above is not paypal.com but 220.127.116.11. So I did a WHOIS and it came up blank - no known address!
So I next went to paypal.com and it certainly looked the same. This time WHOIS came up with a legitimate owner - PayPal.
One more check confirmed the phish. I went to the rogue link (the one above) and clicked on a menu item. Sure enough the URL changed to paypal.com. Then, when I clicked back to the welcome page, it took me to the official paypal.com home.
This is a very clever attempt at obtaining personal information in that it would be very easy to overlook the URL.
Oh, yes, one other reason I was suspicious. I DON'T HAVE A PAYPAL ACCOUNT!!!!