Is "Paypal Anti-Fraud Protection" just a scam?

I know what email you received, and you're right, it's a scam. To be more specific, it's a "phishing" attempt by some hackers in Russia to get your Paypal account credentials (login and password) so that they can hack your account. Do ont click on the link, do not react to this message other than to simply delete it!

Here's what it explains, reasonably enough: "We have noticed an increasing fraudulent activity recently In order to provide your security and protect you from fraudsters we have introduced a new system of identification that will help us to avoid any kind of fraud or unauthorised access."

[Paypal is a US-based company, so its team would have written "unauthorized" with a 'z' not an 's', by the way]

The message continues: "To complete your Anti-Fraud Protection, you must click the link below and enter as more information as possible to provide your complete identification and to activate all the features of the new system."

They did a good job with the phishing message I received. The return address of the message is "PayPal <service@intl.paypal.x.com>" and if you know your Paypal history, "x.com" was a competitor that it acquired in the early days of the biz. Are they still using the domain? Yes, but only for Paypal labs (did you know that? I didn't!), but still, it's not a ".ru" domain that immediately would tip you off.

However, if you were to click on the link that is shown as "https://www.paypal.com/" you'd actually go here:

(I skipped about forty digits to show you the full URL)

Ignore all the jazz at the front, ignore the session ID, and just look at the very end of the URL: "ssl89.ru". That's not Paypal, that's not X.com and that's not eBay.

It's these delinquents in Russia.

As I've said many times before, be vigilant and do not click on links in these sort of message, however legitimate and sensible they may seem.