I just received an email from Paypal (!) with the subject line: “Account compromised: billing information moved or changed”. As we should all know by now that these are classical phishing attempts, I hovered my mouse over the link that is given in the email message and saw that the link would actually take me to the paypal subdomain on a homeip.net domain. A quick glance to the text also revealed some typos like “seams” instead of “seems”.
As lame as this is, I am sure there are still a lot of people who click on the links blindly taken by the message’s resemblance to a legitimate message.