Here's my perspective on the whole PayPal "fake" email issue.
I've never been stung by any of the fake "Your account is going to be suspended unless you send us all your PayPal information ASAP" type emails. I can't immagine anyone falls for those, but apparently it's obviously happened.
What I *DO* worry about (And have nearly been stung with before!) is fake *PAYMENT* emails.
When a high volume seller is dealing with countless incoming Payments on a daily basis, it's almost impossible to compare each and every email to the actual PayPal account.
Personally, I use the incoming emails from PayPal as my confirmation that the bidder has paid for their purchase. I then transpose the information from the payment email, into Shooting Star, and then prepare the item to ship.
I've had people try to "spoof" the payment email, doing a *very good* job in the process.
Thankfully, I logged into my account, and noticed that there was no corresponding *real* payment from said user.
I've always wished that there was some way that PayPal could "code" emails sent confirming payments so that they were verifiable by the seller..
For Example:
PayPal account holder must setup a "Code Word" in his PayPal profile.
With each and every payment received, along with the corresponding "You've got cash!" email confirming a payment, said codeword would appear in the subject line, or within the body of the email.
This would not only make it vey easy to spot spoof emails to begin with (As the spoofer would have to know your "Code" word), but would also mean that payment emails could be taken virtually at face value, as opposed to having to login to ones PayPal account and physically verify.
Seems simple, but would be very effective.