I just noticed this on Full Disclosure. Apparently there may be a new PayPal harvesting scam going on. The subject is "PayPal User Agreement 9". It is an HTML email, and found inside is the "user agreement" with the following modification. (I've removed the address, but there is an ADSL address in Germany that matches where the xx's and 16s are.)


PHP Code:
                <TD class=pp_footer>Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, [url="http://www.paypal.com@xx.xx.16.16"]log in[/url] to your PayPal account and choose the "Help" link in the footer of any page.
<BR class=h10>To receive email notifications in plain text instead of HTML; update your preferences [url="https://www.paypal.com/PREFS-NOTI"]here[/url]. </TD></TR>
A warning and heads-up for those with "gullible" users.
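
Added example, not part of the original post: a mail-filter style check for links like the "log in" one in the quoted footer, where everything before the `@` in the URL authority is userinfo and the host the browser actually contacts is what follows it. The function names and regexes are assumptions made for this sketch, and the sample is constructed, with the documentation address 192.0.2.16 standing in for the redacted one.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Matches href="..." attributes and BBCode [url="..."] tags, as in the quoted footer.
LINK_RE = re.compile(r'''(?:href\s*=\s*|\[url=)["']?([^"'\]\s>]+)''', re.I)
# Userinfo that is shaped like a hostname, e.g. "www.paypal.com".
HOSTLIKE_RE = re.compile(r'^(?:[a-z0-9-]+\.)+[a-z]{2,}$', re.I)


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def suspicious_links(body):
    """Return (url, real_host, reasons) for http(s) links that carry userinfo."""
    findings = []
    for url in LINK_RE.findall(body):
        try:
            parts = urlsplit(url)
            host = parts.hostname or ""
        except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
            continue
        if parts.scheme.lower() not in ("http", "https") or "@" not in parts.netloc:
            continue
        reasons = ["userinfo-in-url"]
        if HOSTLIKE_RE.match(parts.username or ""):
            reasons.append("userinfo-looks-like-hostname")
        if is_ip_literal(host):
            reasons.append("host-is-ip-literal")
        findings.append((url, host, reasons))
    return findings


# Constructed sample modelled on the quoted footer (not the original message).
SAMPLE = '''For assistance, [url="http://www.paypal.com@192.0.2.16"]log in[/url] to your
PayPal account. Update your preferences <a href="https://www.paypal.com/PREFS-NOTI">here</a>.'''

if __name__ == "__main__":
    for url, host, reasons in suspicious_links(SAMPLE):
        print(f"{url} -> connects to {host}: {', '.join(reasons)}")
```

The second link in the sample has no userinfo and is not reported; only the link whose visible "hostname" differs from the real host is.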