The same goes with Ebay and other well-known online services.
However I've never encountered the misspelling domains so far but I normally get stuff like that:
http://www.paypal.com@123.53.34.83/somedir
The IP above indicated does not reflect a real one...
the frontend looks then like the normal login section to the according service.
To report such spoof emails write to:
spoof@paypal.com
Edit: I posted the same warning some time ago on GFY... I just wonder why I didn't post it here also...