I've never received a PayPal spoof email, but interestingly today when checking my public (hotmail) email junk folder, There was one from PayPal with the subject "Annual Privacy and Electronic Fund Transfer Rights Notice." I opened it and found Hotmail had censored it for "my protection." I clk'd "lemme see it," and it was quite legit. It had Paypal's addy which wasn't clickable nor were there any other links in the body of the message. Nice to know that even Hotmail is attempting to protect its users from fraud. I clk'd "not junk." PayPal will never email you with a link request for info! They might request you to "go to their site and log-in" if there is a problem with your account, but it will never be in the form of a link. That's my understanding of rip-off avoidance.
Larry