Wherever there is money, there are crooks around to try and steal it. Phishing is as common as spam. Spam is often phishing. I had a guy who bought an XBOX 360 from me, he lived right down the street from me, but wanted it shipped to India, to some guy named Mohammad. Paypal said "OK To Ship" but I knew it was a phished paypal account transaction.
So walked down the street, knocked on the Paypal account holder's door, and asked him if he bought an Xbox from me and he said no. I already knew the answer.
So I waited 4 days, to see if Paypal would catch it, and they didn't. I called them to alert them, then refunded the money to buyer who lives down the street. Then opened a cancel transaction case in the resolution center, but the phisher refused to cancel the transaction and demanded that I send him the Xbox. I never got my FVF back. But the Paypal account holder got his money returned from me.
It seemed obvious to me that the phisher used a paypal account of someone who was geographically close to me in order to lull me into a sense of security. He deliberately targeted me, using a neighbor's account, to squash any suspicions.
But when someone name John Smith wants to buy merchandise and send it to Mohammad Terrorist, that's awfully phishy!
BTW, If you use GarageSale (like I do) the Ship To address shown in GarageSale does NOT match the Ship To Address in Paypal, if the account has been phished. Why? Because GarageSale uses the Ebay API ship to address, while Paypal (or GaragePay) uses the Paypal API ship to address.
Another case of the left hand not talking to the right hand. And in this case, the left hand had a hairy palm.