The link itself was 'http://______.ro/PayPal.exe' (I deleted most of the link so you cannot accidentally go there). Note the '.ro', that is Romania if I remember correctly. Remember, never click on the links in the notes. Go to the site yourself if you are not sure send them an email first. I run Linux at home so I felt safe to try to download the program and see what little nasties were in it. Fortunately it appears that the link was not valid. I was disappointed in that I could not try out CLAMAV on this.
Here is the complete text of the message. I highlighted all of the spelling and grammar errors.
While performing it's regular scheduled monthly billing address check our system found incompatible information which seams to be no longer the same with your current credit card information that we have on file. If you changed your billing information or if you moved from you previous address please follow up the link bellow and update your billing information: If you didn't change any of this information you still need to follow up the previous link and update your existing billing information because it means that our database regular scheduled update wasn't made correctly. Choosing to ignore this message will result in to a temporary suspension of your account within 24 hours, until you will choose to solve this unpleasant situation.
We apologies for any inconvinience this may caused you and we strongly advise you to update your information you have on file with us. Clicking Click here for download PayPal Driver_ you will avoid any possible futuring billing problems with your account.
This is not one of the better phishing attempts going around. The thing that makes it different is that they are looking at getting you to click, download and run a program.
Two links that you can go to: