I was checking the email logs the other day, and happened to see one from "paypals.com", that reminded me of the prevalence of phishing scams. Fortunately, this was filtered out by our anti-spam software, but it was obviously a phishing attempt.
The address used was "paypals.com", which is too close to the popular pay website "paypal.com" (without the "s") to be coincidence. This is a common method to fool the recipient. In this case, subtly changing the domain, in a way that many people will not notice.
Another very common method, is to send an email that appears to be from the actual domain (in this case "paypal.com"), when in fact it is sent from a completely unrelated site.
The content of the email will usually be something about you needing to verify your information. Most of the time, it is designed to make you think that your account may have already been compromised. It may say that your account has been locked due to too many invalid logins, that they are updating their security, that there has been a large transaction against your account, or anything that will get you to click on the embedded link. This link is not to the site that you think it is, but to a site designed to steal your information.
Usually, but not always, the URL (web address) that shows in the top of your web browser, does not match the URL for the company. You may click on what you think is a paypal.com link, and, if you look at the URL, it will be something like "http://www.somedomain.com/paypal". In this case, you are not connecting to the paypal.com web site. but to the "somedomain.com" website, and the page titled "paypal". Obviously not where you wanted to go. Even checking the URL is not totally secure, as some sophisticated phishing scams will even fake that.
What I do, with any site that I use that has sensitive information, is that I bookmark the site when I first sign up. Then, if I get an email that is purported from one of these sites that I use, instead of clicking on the link in the email, I open my web browser, and go to the site via my saved bookmark. That way, I know that I am not following a bogus link.