Monday, August 29, 2005

My Phishing Attack Adventure

This is only like the third time this has happened to me, but I thought I would mention it here in the hopes that if it happens to you then you will recognise the attack and not fall victim.

If you don't know, phishing is a type of attack where somebody sends you an email pretending to be a bank, PayPal, or in this case eBay, and asks for personal information. The best phishing attacks forward you to a very convincing, functional website that collects this information, which the attacker later uses for fraud or identity theft.

This is the email I got:

This is the site it linked to:

This is the page it sent me to after I provided a false login (u:Bob p:password):

For reference, this is the real eBay.com login page as it looks now:

This particular attack was very convincing because, if details need updating in someone's profile, sites will often ask you to sign in and update your details. The only differences I can see between the two login pages are that the fake one has a Microsoft Passport login button image, whereas the real one has a text link, and there are two addresses in the address bar on the fake page (I think that might be because I am running XP SP2). After I logged in with a fake username and password it asked me to enter my credit card details. And after putting fake information in there, it sent me to the real eBay help page. So very convincing on the whole and I have reported it to eBay, but there isn't much they can do because these emails are sent from zombie networks (that's a topic for another time).