If you receive a suspicious e-mail apparently from a bona fide company, why not trace it and then send the phishers a message?
Check out the screengrab below. This is part of an e-mail I received earlier this week. At first glance, it looks authentic, but of course it isn't. I didn't bother to download and read the attachment, just it case it contained something harmful, but after tracing the message using this well known free service:
it was clear that it was not from Paypal. Like I didn't know that already. If you write for this site, you will have a Paypal account, so don't get caught out. Instead, why not send the phishers a message like I did?