I hate Paypal scams!
By now I figure that most people know about these emails that float around purporting to come from Paypal. Usually they claim to have some problem with your account or be updating their security procedures, and they ask you to log in and verify your information. (They've started coming from fake Amazon.com sites, too.)
If you actually click the link (I was stupid enough to begin the process once), you arrive at a site that looks exactly like Paypal except for a couple of minor changes in some instances. The site might ask for information that Paypal's login screen does not collect. That's what tipped me off that what I had clicked on was NOT Paypal. I then started learning to check the emails for authenticity.
Most of these fake Paypal emails have some kind of grammatical or spelling error that is not typical of legitimate business communication. That's a dead giveaway. However, the real test is to right-click on the link to the login page and copy the shortcut and then look at it in Notepad or some other editor. The link to the real Paypal site always begins with http://www.paypal.com/... or https://www.paypal.com/... All of this is very important. A site that is http://www.paypal.com.darling.com/somelogin.php is not Paypal. It is Paypal.com.darling.com, a completely different domain name. That slash must appear after paypal.com in order to verify that you are really going to Paypal. Likewise, http://lotsofmoney.thebank.paypal.com is not Paypal. It is another domain that happens to include the word Paypal in it in order to trip you up. This same tactic is often used in the from: field of the email: the recent email I got was from email@example.com. That's not Paypal either!
The folks authoring these emails are getting more and more crafty. This morning I got one informing me that an email address had been added to my account and that if I didn't agree I needed to log in by clicking on the link. Of course, right-clicking on and examining the link revealed that I would not be going to Paypal. Furthermore, the email was sent to an address that I don't use with Paypal. What this email shows me, though, is that I can't rely on the grammar errors alone. I have to watch those links, always, and I can never assume that a Paypal email is a Paypal email unless I know that I initiated it by doing something in my account that would naturally generate one of these emails.
Why am I posting all this here? To tell you all this: never, ever click on those links. Always go to Paypal.com from your browser by opening it yourself. Whatever Paypal is telling you, if it's legitimate, will also show up in your account.