I run my own mailserver and make my own email addresses up as needed. Each business I email gets a different address to use with me. So if I get spammed or virus/phish emails, I know where they leaked, and can just disable the address if it gets annoying. (I don't have to cave and get a whole new email address if I can't stand the spam anymore.)
Anyway. My PayPal address just got phished. I've had that happen a few times before, but I've never seen any hint of identifying information in the email. (I do a bit of forensics on them usually if I'm bored.)
THIS time however, I got a hit. The phish directs me to www.dry247.com/cashe/mol.html (the "click here to verify your account information" link). This link was hidden under two layers of armor to make it very hard for AV/spam scanners to spot. It's very rare to see something this well obfuscated.
I ordered twice from dry247 in June, and paid using PayPal.
I think it's safe to conclude they had a break-in and theft of information including at least some ordering information, including PayPal address. And they did the unusual thing of hosting their phishing form on the same server they stole the data from. (They relayed the spam through another hacked server at lesimpotsfrance.onmicrosoft.com.)
That link is now displaying correct information, so they've probably caught and plugged the hole. But you might want to keep a closer eye on your PayPal information for the next few months.
I'd be curious to know if anyone else here gets one of these.
EDIT... well, I should have kept reading my mail. The very next one was an identical phishing message, sent to the email address I gave drycare for my order... I'd say I've confirmed a hack beyond all doubt.
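The per-business alias check described in the post, sketched as an added example that is not part of the original post: it maps the recipient alias to the business it was given to, then reports link hosts that belong to a different known business. The alias names, domains and both sample messages are constructed, and it assumes the link is already readable in the text body (no unwrapping of obfuscation layers).

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from urllib.parse import urlparse

# Constructed registry: one alias per business, with the domains that business mails/links from.
REGISTRY = {
    "pay-7f3@mail.example": ("payment provider", {"payments.example"}),
    "shop-a91@mail.example": ("online shop", {"shop.example"}),
}

# Constructed samples: a phish sent to the payment alias, and a normal shop mail.
PHISH = ("From: Account Service <service@relay.invalid>\n"
         "To: pay-7f3@mail.example\nSubject: Verify your account\n\n"
         "Click here to verify: http://www.shop.example/cache/form.html\n")
LEGIT = ("From: orders@shop.example\nTo: shop-a91@mail.example\n"
         "Subject: Your order\n\nTrack it at https://www.shop.example/orders/1\n")

def in_domains(host, domains):
    """True if host equals, or is a subdomain of, one of the given domains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def text_of(msg):
    """Concatenate all text/* parts, decoding any transfer encoding."""
    parts = [p.get_payload(decode=True) or b""
             for p in msg.walk() if p.get_content_maintype() == "text"]
    return b"\n".join(parts).decode("utf-8", "replace")

def triage(raw):
    """Return leak-attribution facts for one raw message, or None if no alias matched."""
    msg = message_from_string(raw)
    rcpt_headers = msg.get_all("Delivered-To", []) + msg.get_all("To", [])
    alias = next((a.lower() for _, a in getaddresses(rcpt_headers)
                  if a.lower() in REGISTRY), None)
    if alias is None:
        return None
    owner, domains = REGISTRY[alias]
    # From is forgeable: a match proves nothing, a mismatch is still a useful signal.
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    hosts = {urlparse(u).hostname for u in re.findall(r"https?://[^\s\"'<>]+", text_of(msg))}
    foreign = sorted(h for h in hosts if h and not in_domains(h, domains))
    # Link hosts owned by another business in the registry point at a second party.
    linked = sorted(name for a, (name, doms) in REGISTRY.items()
                    if a != alias and any(in_domains(h, doms) for h in foreign))
    return {"alias": alias, "given_to": owner,
            "sender_mismatch": not in_domains(sender_host, domains),
            "foreign_link_hosts": foreign, "linked_known_businesses": linked}
```
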