See ->
https://www.paypal.com/us/webapps/mp...cious-activity where they'll request you to forward that email (presuming this was precipitated by reception of email and they'll want it forwarded rather than just a cut-and-paste of the message body so that they can inspect the SMTP headers in an attempt to trace) to
spoof@paypal.com where it can be verified. Presuming its fake they'll want to know of it as stuff like this potentially impacts their business. hth...