Any lawyers want to sue PayPal? They insist on sending out e-mails that could just as easily be spoofed e-mails, thereby making it impossible for their hundreds of millions of users to exercise basic best practices in avoiding phishing attempts. (You should never follow a link claiming to be from your bank or anywhere likely to ask for your log in or payment information unless it is definitely the official domain of the institution claiming to be e-mailing you. When in any doubt, and best practice anyway, is to type in the domain of the institution into your browser yourself, or search for it if necessary. E-mail reply addresses mean nothing; anyone can fake them easily.)
PayPal has been called out on this before - https://
Many have simply reported it to email@example.com and told others it's a fraud - https://
And one intrepid English IT professional communicated with PayPal exhaustively by every possible means in every possible way explaining this is unacceptable - https://
Surely someone can come up with a good legal case could be made that PayPal is exercising negligence or willful disregard of some responsibility to protect PayPal users from spammers claiming to be PayPal? If i run a local store and request customers to shout their credit card numbers to me from across the street, and someone takes the opportunity to steal the credit card numbers, i'd think i'd have some liability.
PayPal's official response now, still, after years of being called out on this intolerably irresponsible behavior, simply encourages people to check that domains follow a paypal-something dot com scheme, which of course is no protection at all, as any scammer or phisher can register paypal-totallynotaphishingattempt.com right now— as they acknowledge - https://
That is wildly irresponsible, and for a modest consulting fee of a few million dollars i'll introduce to them PayPal, Inc. to the concept of subdomains.