This morning I received an email from paypal referring to an abuse of my paypal account and with a link to login and suggesting I login to provide further information. I was a little suspicious even though it tallied roughly with the first incident, I hovered over the link and indeed it is dodgy:
I've put spaces in in the hope that it will appear here not as a "click here". Indeed if you go there you can put in any details you like and click login and surprise surprise it asks you for your details including credit card.
I can see how easily others, who are less IT literate than I would easily fall for this convincing scam. I have of course reported it to paypal and also listed the site on Surfcontrol (the filter we use at work) so hopefully corporate users at least will soon be protected (if they use this filter).