Whoa, I wasn't expecting this kind of quick reply, thanks guys. specially to the posters who confirm my suspicions but help me gain some peace of mind as well. It's always annoying when this happens to anyone. Even if it didn't quite happen to me, it was still a close thing.

Not necessarily, we've all heard of the nigerian letter, a laughably obvious scam which even predates the internet but which people still fell for. Most of the scams I'm used to are poorly written, sometimes with broken grammar, selling products of dubious procedence. Yet they still get their share of victims. These are much more dangerous, because even if a healthily paranoid individual like myself can be fooled by them, what of those poor saps who buy viagra online?

The emails have been sent to spoof@paypal.com already, but I'm not expecting anything other than the automated reply.

The fact that some sensitive information is included in the scam mails is the most worrying. My real name was in there. It doesn't help that one of the legitimacy checks listed in paypal's page is precisely that they will address you personally, not with a generic title, using information available only to them. I'm pretty sure that if I were to change my name to Prancing Fancypantaloons (which btw is a huge hassle to do with paypal, that is both good and bad) I would start getting mails addressed to that.

Does real paypal send ads and things like "win a trip to barcelona"?

I've noticed that there has been lately a bit more "paypal" mail than in the past. Haven't really read them because I don't want to win a trip to anywhere and usually in my mail isn't anything worth caring about or reading anyways so I just occasionally go and click stuff in the trash.

No, they don't and those are precisely the kind of scam mails I've been receiving. Check the sender's address closely.

Edit: spoke too soon, apparently they do have a store and offer special discounts.

Can't really double check it because it's already deleted but I basically just saw paypal in there and my real name.

Well good to be cautious and carry on not caring about those what ever they say.

First of all, even though I wouldn't even consider using Paypal, as an e-citizen (<-corny :D) I must thank you for taking the time to post your experience. +1

I used to think they it's due to incompetence of the scammers. But I remember reading an opinion on that that really made sense. Those scam mails are on purpose crafted this certain way because they target a specific type of people. The most gullible and net-novices they could get. If you are even slightly concerned about frauds, you are not worth their time. As others have said before, unless the scammers have hacked Paypal's servers (or your own computer, but then they wouldn't need to go through mail fraud), it's not possible to do that. Are you sure it wasn't e-paypal.com or e.paypal.com.cx or some other suffix? The address you mention is indeed a subdomain from the legit paypal company. They could also use HTML or formatting tags, if your email client supports, and show a valid address, but link to a different one. http://www.gog.com :P

Nevertheless the fact remains that they used personal, specific information and that means that your details have been hacked or sold from some place. Hopefully it's not something that can be used for more than phishing.

Changed my password today . You should change your password to anything with real money at least twice a month.

And here's a pro tip from xkcd regarding password strength:
http://xkcd.com/936/ I second that. :)

Well, I trust emails if they are PGP signed. But otherwise, I don't.

Continuing on with Lemon_Curry's XKCD references:
https://xkcd.com/1181/

e.paypal.... As mentioned it's probably used only to bypass filters since e.paypal.com makes no sense, but secure.paypal.com does... And faking headers is easy, i remember a tutorial on it, you can manually write an email or put a fake reply-to field on and it works because the address is never confirmed (one of the weaknesses of the original email and ip4 design).

I recall years ago getting odd emails elsewhere, demanding i update my information for my banner bank account, and i looked at it and said 'i don't use banner bank'.

Faking names in emails is fairly easy because if you have john.doe@someplace.com which is commonly done by quite a few ISP's, and a simple Regular Expressions like "(\w+)\.(\w+)@(.*)" to break it up to email it to you. On the other hand if they use 'customer' or your raw email address then you know they know nothing about you. (Probably why i can filter spam easier because i don't have my name in my address...)

What i really want to see if the CIA/NSA would start a program where they start cracking down on this, specifically by giving a few hundred users second ID's. These are names, addresses, social security numbers, job titles and work places, phone numbers, credit cards, etc. Then when we get one of these scams we fill in the fake information, and when they try to use it they can start tracking it down when they attempt to use it.

I doubt that's going to happen. After all, most of the really good hackers end up working on the NSA/CIA payroll anyway. No order without some chaos, right Feds?

That's why I have an email address for every website I make an account and buy with paysafecard where/when possible.

ultimate bump of awareness

The only way e.paypal.com could be a scam site is if it were set up by a rogue paypal employee or an undetected hacker with thorough access to paypal's servers. As others have written, you cannot use a subdomain of a domain without the domain owner's consent.

However, the piece of advice about not clicking any links is absolutely correct. One cannot always be on guard, and a completely legit address like e.paypal.com might one day become e-paypal.com or something like that.