Got the following in my mail today (yes, as one big image as well):
It seems like someone was able to create subdirectories on an open-source software site, to be used as a phishing haven. Upon clicking the link in the above picture (via an imagemap), a person is brought onto a clone of the Paypal site. I “logged in” with a non-existing email and password. I was then asked to fill in everything from my credit card info, to my banking information, address, and even my SIN number.
This is the second such Paypal-based phishing email I’ve received in as many months. Both were reported to Paypal.
Update: Paypal [the real one] wrote me back to inform that indeed what I received was a fraud, and blah blah blah…