My account actually was deactivated and needed to be verified after a fraudulent transaction had been made. Again, the email headers passed for paypal, I entered paypal’s URL directly into my browser as I don’t click on email links, I actually talked to paypal on the phone, and the dispute was decided in my favor already–in my case it is absolutely true that this all really happened and it was not a phish.
I do not doubt that you were hit by a phishing tactic. Scammers design their emails to look just like an actual Paypal message. But that’s definitely not what happened in my case. It wasn’t the exact same email as mine was sent from a legitimate source and yours was not.
The fraudulent purchase was used to buy some kind of MMO gold and I see the OP is a WoW player. My initial suspicion is that is the direction to look. Perhaps the phishing or spyware, or whatever that led to the account breach was conducted within the WoW universe, or a related guild forum or a WoW items web page etc. To the OP - please understand I am not casting any aspersions as to your online savvy or ability to recognize and avoid such scams. The question you are asking implies something slipped past you some way or another so any suggestion about what it might have been could be something that seems blatantly obvious or completely impossible. My guess is the thief somehow latched on to you via WoW.