



Phishing Attempt
This story was originally posted on the Montana Freelance Technology website by jlkolpin, and it is serious enough that I saw fit to post it here as well.
Even with SpamAssassin and two live email virus scanners run on every mail that gets on our servers, I received a phishing attempt firsthand in my mailbox today. What is a phishing attempt exactly? Read more to find out as well as how to handle the attempts...
What is Phishing?
Phishing is somewhat what it sounds like. Someone baits a hook (malicious email) and tosses it out into the water (internet) trying to get something (someone) to bite.
Here's how it works: Someone sends you an email (in this case mine appeared to be a warning from eBay stating their software detected someone logging into my account). It said my account was locked out because of several failed login attempts. There was also a link to log into my eBay account. At first everything looked on the up and up, but after a few seconds of thinking I realized the URL in the browser address bar was fake.
Here's the fake login address (DO NOT TRY TO LOG IN WITH YOUR EBAY ACCOUNT AND PASSWORD!!! YOU HAVE BEEN WARNED!): http://61.31.188.131/signin.ebay.com/saw-cgi/eBayISAPIdllSignIn.html
Here is eBay's REAL login address: https://signin.ebay.com/ws/eBayISAPI.dll? >> it goes on....
Now the email must have gotten through because it actually had two links, one that went to the real eBay login and another that said "Click Here". The click here one goes to the malicious address that looks exactly like the eBay login. This is why the phishing attack scanner did not pick it up. The link that stated it went to eBay actually did and the "Click Me" did not.
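The two-link trick described above is caught by judging every link by the host it really points at instead of by its label. This is an added example, not part of the original post or of any scanner named in it; `BRAND`, `LinkCollector`, `link_findings`, `scan` and the sample HTML are assumptions made for the illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND = "ebay.com"  # assumption: the domain the message claims to come from

# Constructed sample body; the two hrefs are the addresses quoted in this post.
SAMPLE_HTML = """
<p>Sign in at <a href="https://signin.ebay.com/ws/eBayISAPI.dll">https://signin.ebay.com/</a>
or <a href="http://61.31.188.131/signin.ebay.com/saw-cgi/eBayISAPIdllSignIn.html">Click Here</a>.</p>
"""

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def link_findings(href, brand=BRAND):
    """Judge a link by the host it really points at, never by its label."""
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    on_brand = host == brand or host.endswith("." + brand)
    findings = []
    try:
        ipaddress.ip_address(host)
        findings.append("host is a bare IP address")
    except ValueError:
        pass
    if not on_brand and brand in parts.path.lower():
        findings.append("brand name is in the path, not the host")
    return findings

def scan(html):
    """Check every link in the message, not only those labelled with a URL."""
    collector = LinkCollector()
    collector.feed(html)
    checked = [(text, href, link_findings(href)) for text, href in collector.links]
    return [row for row in checked if row[2]]
```

Running `scan(SAMPLE_HTML)` returns only the "Click Here" link, with both findings attached; the link that really goes to eBay passes.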
I also looked at the email source:

    Received: from mail.atkpalvelu.fi (ws100.atkpalvelu.fi [217.152.210.100])
        by mail.mtfreetech.us (Montana Freelance Technology) with ESMTP id 4A34827CFA
        for ; Wed, 17 Aug 2005 10:01:28 -0600 (MDT)
    Received: by mail.atkpalvelu.fi (Postfix, from userid 1002)
        id 791DF31E17; Wed, 17 Aug 2005 18:46:37 +0300 (EEST)

This is not from eBay but from somewhere in Finland.
I did a whois on the mail server IP address:

    inetnum: 217.152.0.0 - 217.152.255.255
    org: ORG-EO1-RIPE
    netname: FI-ELISA-20010209
    descr: Elisa Oyj
    descr: PROVIDER Local Registry
    country: FI
    admin-c: KH-RIPE
    tech-c: KH-RIPE
    status: ALLOCATED PA
    mnt-by: RIPE-NCC-HM-MNT
    mnt-lower: ELISA-MNT
    mnt-routes: ELISA-MNT
    source: RIPE # Filtered

    organisation: ORG-EO1-RIPE
    org-name: Elisa Oyj
    org-type: LIR
    address: PL 40
    address: 00061
    address: ELISA
    address: Finland
    phone: +358102663850
    fax-no: +358102693850
    admin-c: RH8196-RIPE
    admin-c: JIT3-RIPE
    mnt-ref: ELISA-MNT
    mnt-ref: RIPE-NCC-HM-MNT
    mnt-by: RIPE-NCC-HM-MNT
    source: RIPE # Filtered

    role: Elisa Hostmaster
    address: Elisa Oyj
    admin-c: KH-RIPE
    tech-c: KH-RIPE
    nic-hdl: KH-RIPE
    abuse-mailbox: abuse@elisa.fi
    mnt-by: ELISA-MNT
    source: RIPE # Filtered

    % Information related to 'ORG-EO1-RIPE'

    route: 217.152.0.0/16
    descr: Elisa Oyj
    origin: AS719
    mnt-by: ELISA-MNT
    source: RIPE # Filtered
Notice also in the header the mail domain from the sender: mail.atkpalvelu.fi
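The header check done by hand above can be scripted: read only the Received line written by your own mail server (the one hop the sender cannot forge) and compare the relay it recorded with the domain the message claims to come from. This is an added example, not part of the original post; `trusted_hop`, `relay_belongs_to` and the wrapper message around the two quoted Received lines are assumptions made for the illustration.

```python
import re
from email import message_from_string

# Constructed message: the Received lines are the two quoted in this post,
# the Subject line and body are filler.
RAW = (
    "Received: from mail.atkpalvelu.fi (ws100.atkpalvelu.fi [217.152.210.100])\n"
    "\tby mail.mtfreetech.us (Montana Freelance Technology) with ESMTP id 4A34827CFA\n"
    "\tfor ; Wed, 17 Aug 2005 10:01:28 -0600 (MDT)\n"
    "Received: by mail.atkpalvelu.fi (Postfix, from userid 1002)\n"
    "\tid 791DF31E17; Wed, 17 Aug 2005 18:46:37 +0300 (EEST)\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

# Postfix-style hop: from <helo> (<reverse DNS name> [<ip>]) by <receiving host>
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)

def trusted_hop(raw, our_mta):
    """Return the hop recorded by our own server, or None if there is none."""
    msg = message_from_string(raw)
    for value in msg.get_all("Received", []):
        match = HOP.search(" ".join(value.split()))  # undo header folding
        if match and match.group("by").lower() == our_mta.lower():
            return match.groupdict()
    return None

def relay_belongs_to(hop, claimed_domain):
    """True when the relay's reverse DNS name sits inside the claimed domain."""
    name = hop["rdns"].lower().rstrip(".")
    return name == claimed_domain or name.endswith("." + claimed_domain)
```

A mismatch is a signal rather than proof, since legitimate senders sometimes relay through third-party mail services.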
I decided to check out what http://atkpalvelu.fi/ looked like. I don't read Finnish so I can only assume it says they are under construction (wild guess). I also checked to see who was at the IP address the email came from so I did an http://217.152.210.100/ which shows a Debian Apache placeholder. This email is very slick how it got past the Spam scanner.
What do I do to protect myself?
There aren't many ways to defend yourself against something like this. First off, as a server administrator, I will be blocking anything that comes from that subnet of IP addresses in Finland (sorry Finlanders but I have no choice).
Second comes your part. Whenever ANY business type mail such as eBay or Hotmail or Yahoo contacts you concerning account information, CHECK THE LINKS IN THE EMAIL! Say there is a click here link: right click the link and choose copy and then paste it into a browser or text document. If the address looks suspicious or as if it was not from the people it says it is from then it is probably a phishing attempt. Look at the email source and see what email server the mail originated from. If it doesn't say eBay but claims it is from eBay then you are probably being phished. Some common sense really goes a long way with this stuff.
OH NO I BEEN PHISHED AND BIT!
Well nobody is perfect, we can't all be internet gurus or all that savvy.
First off let's look at what a fake eBay login page will do to you.
Worst case scenario: You attempt to log into the fake site, and in this case it goes directly to a credit card information page. eBay does not do this EVER. So without putting in the credit card, they already have logged your eBay username and password. If you got this far immediately go to eBay and change your password.
Secondly, if you got suckered into the credit card information, I already feel sorry for you and you will now realize the dangers of information on the net and what bad people can do. Call your credit card company and make sure nobody is buying anything from eBay with it, cancel it and start over. If they got into your eBay account, they also may have gotten your PayPal account information as well. Make sure nobody has messed with PayPal and change passwords ASAP. I'm not sure of other methods of payment or what eBay holds as far as information but make sure you lock down anything they may have remotely gotten the chance to discover.
I sure hope someone isn't reading this in the next few days going ahhh So that's what happened. There is nothing more disheartening than when your entire credit and money accounts get broken into; it is a pain in the butt.