Let’s Encrypt issues certs to ‘PayPal’ phishing sites: how to protect yourself

Checking that a website uses HTTPS is one way of checking if it’s legitimate – but what happens when the scammers are buying SSL certificates that include the name of the company they’re spoofing?