Lets look at the links. Right-click on the message. Select View Source The source code will open in Notepad. Edit -> Find Search for http Message 1 SourceMessage 1 Source Message 2 SourceMessage 2 Source
If you are using web based e-mail... You may see something like href=/exchweb/bin/redir.asp? before the actual URL. Just ignore that part and look for whats after http. Source code for web-based email will have added code.
Results for Message 1 http://220.127.116.11/~funkeyboy/.../.www. paypal.com/www.paypal.com/cgi- bin/webscrcmd_login.php (Obviously not the PayPal site.) https://www.paypal.com/row/PREFS- NOTI (Actually DOES go to the PayPal site.)