Actually, it's even simpler than that.
I received a really genuine-looking email from "ebay" claiming my account may have been compromised. Of course, personal information would be necessary to resolve the situation (they always want a credit card). A link was provided to ebay's login page. I took the link.
Fortunately, I happen to be an html/javascript "guru" (I know my way around), and rather than logging in, I checked the source for the page. If you're not familiar with escape sequences, often used in javascript, it's basically a hard-to-read set of characters with lots of percent signs and other ascii. This source had no apparent html, just a series of escaped characters. I decoded it, and determined this was the page source for a frameset. Hello! The login was indeed connected to ebay's login page (thus authenticity could be checked), but the information was being forwarded in another frame window to an angelfire site.
Basically it was designed so a less trained eye would click the link, believe they were at ebay's login page, and sign in. They find themselves in their own account, so they are convinced it was from ebay, but nothing seems amiss; they disregard it. Meanwhile, another (likely malicious) individual has their login information.
Later, I received another email from ebay. This one had the same problem. The difference was, they did not give me a link. They told me to log into my ebay account, but I typed the url myself (just www.ebay.com), ensuring the actual ebay website. Sure enough, there was a page forcing me to change my password. This went successfully.
Moral of the story - for an authentic billing or account problem, an organization with whom you have an account will not send you a link. Rather, they tell you to log in to your own account, thus ensuring authenticity.
Now, I will take a deep breath...
"What on Earth am I in here doing math on this beautiful day?! This is the only life I've got!" - Calvin, "Calvin & Hobbes", Bill Watterson
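
The check described in the post above (decoding a percent-escaped page source and seeing where each frame of the resulting frameset points), as an added example that is not part of the original post. The sample page, the function names and the `.example` host names are constructed for illustration.

```javascript
// Added example: decode an escaped page and list frames that leave the
// expected site. All host names and the sample page are constructed.
const EXPECTED_DOMAIN = 'auction.example';

const framesetHtml =
  '<frameset rows="100%,0">' +
  '<frame src="https://signin.auction.example/login">' +
  '<frame src="http://collector.freehost.example/save.html">' +
  '</frameset>';

// Build the obfuscated form: every character written as %XX.
const SAMPLE_SOURCE =
  '<script>document.write(unescape("' +
  [...framesetHtml]
    .map((c) => '%' + c.charCodeAt(0).toString(16).padStart(2, '0'))
    .join('') +
  '"));</script>';

// Decode runs of %XX escapes; repeat a few rounds in case they are layered.
function decodeEscapes(source) {
  let current = source;
  for (let round = 0; round < 5; round++) {
    const next = current.replace(/(?:%[0-9a-fA-F]{2})+/g, (run) => {
      try { return decodeURIComponent(run); } catch { return run; }
    });
    if (next === current) break;
    current = next;
  }
  return current;
}

// Collect the host of every <frame>/<iframe> src in the decoded markup.
function frameHosts(html) {
  const hosts = [];
  const re = /<i?frame\b[^>]*\bsrc\s*=\s*["']?([^"'\s>]+)/gi;
  for (const m of html.matchAll(re)) {
    try { hosts.push(new URL(m[1]).hostname); } catch { hosts.push(m[1]); }
  }
  return hosts;
}

// Frames whose host is neither the expected domain nor a subdomain of it.
function offDomainFrames(source, expectedDomain) {
  return frameHosts(decodeEscapes(source)).filter(
    (h) => h !== expectedDomain && !h.endsWith('.' + expectedDomain)
  );
}

console.log(offDomainFrames(SAMPLE_SOURCE, EXPECTED_DOMAIN));
```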