They inlined PayPal's logo; and then a brief security message and a friendly little logon link... whose text display was the correct link. The actual anchor tag was to www.paypal.com.securitypaypalmeasures.co
The most amusing part was they included the standard "don't give your password to anyone".
So maybe that's what all spam is like these days; I usually don't see it. I think that the last thing that I saw like this used the <a href="somethingmadeup">click here</a> paradigm. Maybe end users are getting smart enough to not follow "click me" links these days.
But, of course, minus one million points for sending it to an email address that isn't, and won't ever be, related to any PayPal account which I may or may not have.