You just need to be more careful. Yes it's a spam or phishing email. The top link for the User Agreement starts with www.paypal.com. This is what you want. The other one, to cancel the (fake) transaction, starts with another internet address. This is NOT what you want. You can tell because when you hover the cursor over the link, it tells you the address in the bottom left of your browser. What I do is I have two email addresses. One for my main email and one only for PayPal. That way with all the spam that goes to my main email address, I know anything from PayPal is fake. As long as you never use your PayPal login on any other site, you'll be fine. If not, change your password (and maybe your email address).
... View more