The link points to paypal-user-confirm.com/acc/login.php. The domain was registered a week ago with bogus whois data and (we guess) a stolen credit card.
Here's what the site looks like:
Let's see where this is hosted.
This IP address is physically in Israel. Let's see what the front page looks like.
Ah. "209.1 Host Locked".
This. is. Rock. phish.
While we wait for the abuse messages to go through, lets have a quick look at what kind of host names in addition to paypal-user-confirm.com have been pointing to this same IP address.