Paypal sends phishing emails - they just don't get it. I'm annoyed by eBay's, PayPal's, and the whole pack of banks' quite stupid attitude towards phishing anyway - why don't they finally use signed emails? The whole issue would be very easy to resolve: an email from eBay that is not signed with the correct key: into the trash.
But the fact that PayPal is so stupid as to send phishing emails itself - or emails that look just like the usual phishing attacks - is really quite stupid.