That is correct, I always either check the source of the email or do not click the links at all. Besides, I find it easier to simply type
http://www.paypal.com into my browser! What is the big deal of typing ten characters to prevent having large sums of cash stolen?