[zensayyy]

cert? that's an email. It's quite easy to change the mail from to be anything you want. Have a look on the dmarc fields if you want to be sure. Although I'm pretty sure that paypal always address the customer with their actual name...

[Thespian2]

Exactly. Need to see DMARC, SPF headers. Email headers are what you want to see. "From: <blah>" without those means nothing, and is trivially spoof-able.