Paypal's been going downhill
When I first started with Paypal, it was after doing a fairly intensive review of their policies and the various online comments about their service with several of my friends. There were a few interface WTFs, but the service worked fairly reliably.
As the years went by, there were more and more WTFs. When eBay bought them, the rate of new issues went up, and, one by one, my friends and I quit using it.
I haven't used Paypal in several years. However, from the various comments I've read about paypal, and the various emails I get from PayPal still, I'm guessing there's still more WTFs being added than removed at any given moment.
That having been said, it's entirely possible that they have decided to start sending out their own phishing attacks, in order to perform some targeted user awareness training. Of course, this is still a WTF, as they're obviously not aware that some of us read our email in the raw, rather than using some fancy HTML rendering engine (Note: I use a fancy HTML rendering engine, but only for emails from non-commercial orgs. Any email from a financial company with which I've ever done business triggers a plain text display filter), and they're obviously not communicating about said messages to their staff.
However, my bet is that these are real phishing messages, sent from bots within Paypal - which, I think, is a bigger WTF.
Re: Colour me unsurprised:
Top posting vs. nested replies is context sensitive. Using a nested reply, with appropriate conversation trimming, in the wrong context is as bad as top posting in the wrong context. Both are, IMHO, preferable to the context-free replies that some people give. But you are right - it is disconcerting how few have any semblance of netiquette awareness...