Lets analyze an example of a phishing scam. The screen capture below shows the message in my inbox.

At first glance it looks like this could be a legit email, but look at the poor grammar (Account Informations !!!). This is hint #1 that this is a scam.

Next I hovered my mouse over the email address and it is not coming from PayPal but another, probable faked, email account.  Hint #2.

I then opened the email and found a number of hints that this is a scam.  I have highlighted them in red.

Again you see that it is not from a PayPal address, the poor grammar, the extraordinary claims, a threat to cancel your account, another hint to a man-in-the-middle-attack, a helpful link to the account check page, and finally an errant bit of code ( ).

The final bit of evidence is the helpful link the scammer has provided.  If you hover over it and look on the bottom Status bar (lower left of your browser) it will show the page that the link will take you.

It not even a page at PayPal. (Note: scammers will sometimes mask the location of their links, so beware)

As you can see this is one sneaky scam that could catch someone who does not take the time to scrutinize what they are reading.

My advice?  Never, ever, under any circumstance click on a link from PayPal, eBay, banks, and any other financial institutions.  Always type in the address into your browser or use a shortcut you have made and know is legit.  It may take you a few extra seconds but it could save you thousands of dollars and hours of time in the future.