As I am aware that many of you are Paypal users the following article should be required reading.

It will be no surprise to you that many online scams are delivered to you under the guise of a Paypal message…the latest scam Uses PayPal Secure Servers.

PCWorld advises that a scripting flaw makes a fake page with valid security certificate possible.

A cross-site scripting flaw in the PayPal Web site allows a new phishing attack to masquerade as a genuine PayPal log-in page with a valid security certificate, according to security researchers.
Fraudsters are exploiting the flaw to harvest personal details, including PayPal log-ins, Social Security numbers, and credit card details, according to staff at Netcraft, an Internet services company in Bath, England.
The PayPal site, owned by eBay allows users to make online payments to one another, charged to their credit cards, and log-in credentials for the service are a prized target of fraudsters.

The attack works by tricking PayPal members into following a maliciously crafted link to a secure page on PayPal’s site.