It seems that GMail new feature about Phishing filter is not 100% working for all people. Abhinav.Singh still has a problem with Paypal which he posted on his blog. It's dated 8 July, so it's still fresh (only few hours after GMail announced their new filter).
As you can see in the image, phisher usually uses undisclosed-recipient as the recipient and not our single email account because they sent a mass email to lots of people. So by looking at this criteria, we could reduce the risk by deleting or marking it spam. And also, PayPal usually write their customer's name in most of their email messages, so if you receive messages from PayPal without your full name, please beware. It might be phishing attempt.
Update (10 July 2008 : 06:45): Thanks to Somesh for clarification. GMail seems to use filters only for emails that tries to camouflage as PayPal or Ebay and ends with @paypal.com or @ebay.com (email spoofing), but emails that tries to camouflage as PayPal or Ebay and uses domain other than paypal.com and ebay.com will not get filtered away (this is what happened in Abhinav's case with @online.net domain). Please pay more attention about this.