As you can see, this particular email looks legitimate to an unsuspecting eye. This is what most emails I get from PayPal look like, and I bet emails from any financial institution, insurance company or brokerage firm can be made to appear as convincing as this one. You can easily envision something similar coming from eBay, Bank of America or E-Trade.
However, let's take a closer look at this email.
Let's start with the email header at the top of the message (1). If we look closely at the sender (From) line, we see that the sender's email address comes from a different domain than the one he claims to belong to. Each domain name is unique, and despite the similarity between the paypal.com and update-paypal.com domain names, these are two different domains hosted on two different servers, possibly located thousands of miles apart.
Check (2) is more critical. This is the actual URL embedded in the email body, and it is responsible for directing the user to a hacked or infected website. Again, the link appears to show a legitimate PayPal address, but when we look closely we see that the programmed URL will send us somewhere else (picture below).
At this point you should have a pretty good idea whether you have been spoofed. Close your web browser and delete the email message in question immediately.
Added December 22, 2011
Be aware of end-of-the-year scams - pay attention to the sender's email address!
Here is another good (possibly easier to understand) tutorial on spoofing at eBay.com
Another BIG NO-NO... If you need to make sure, always go directly to the website, www.paypal.com in this example, and DO NOT click on the links within the message body.