The URL is http://www.paypal-cgi.us/webscr.php?cmd=Login

The user should consider an unsecured page (no lock icon) as fraudulent.
Sites such as PayPal would process your login information via a HTTPS session.
HTTPS is the secure version of Hyper-Text Transfer Protocol or HTTP that uses
Secure Socket Layer (SSL) technology. The use of only HTTP in the URL shows that
this website is not secure, something that a respectable financial institution
like PayPalŪ would not risk.