To the untrained eye, the message is letting you know that your PayPal account is limited, and that there is a time limit for resolution. Again, this is injecting a false sense of urgency – and if you rely on PayPal, the fact you might lose access to your account is a serious issue.
The message explains itself as a security measure, and warns that your PayPal account might be in danger of compromise, resulting in theft. Ironic really, because theft is the name of the game here. Once more, the criminals are pressing fear as the main motivator. The fix is simple; just confirm your information by following the link.
To the trained eye, the message is a false as can be. First, PayPal will always use the registered account name when addressing messages, so they'll never address a security email simply as "PayPal Customer."
Second, the message itself is just an image. The criminal created a link to their domain, and used an image instead of the text link that most everyone is used to on the Web.
Using the image helps the message bypass many basic spam filters. The fact that the message was relayed through a compromised account that had never sent spam before also helped it avoid detection.
But what happens if you follow the link?