I came across a fraud attempt which appeared like paypal account update and was linked to some other location:
The site had many layers:
Index of /skins/jcc/www.paypal.com/www.paypal.com/paypal/cgi-bin/webscrcmd=_login-run/webscrcmd=_account-run
under the site:
I can see how do they manage to do that!!!
I also learnt on how to Report a site:
look how similar it looks like in comparision to original one.
Also mind the fourth one is original one and the big green sign.