I got an email earlier today claiming to be from “firstname.lastname@example.org” and looking very plausible. It indicated that I had made a $150 watch purchase that I hadn’t actually made, and provided what appeared to be links to the PayPal site, encouraging me to log in for additional details.
In fact, the links were not to PayPal at all, but to a site apparently in Poland. (I determined this simply by hovering my mouse pointer over the link and looking at the information my browser provided.) The obvious intent was to make me think someone had bought something and had it billed to me, so that I would panic and click on the links which would then ask for my PayPal login and password (which I don’t have since I don’t use PayPal), whereupon the bad guys really would start charging stuff to me.
People less cynical than I am could easily be taken in by this scam.
There’s a lesson here: Be very skeptical of links in emails.