As anti-phishing technology gets better, scammers are working to stay one step ahead. Many current phish detection tools rely on spotting form elements in the page’s HTML code that require passwords, credit card numbers and so on. Crooks have therefore turned to Flash, which can replicate entire webpages undetected by such tools. Examples of this technique, inevitably known as “Phlash”, have already been seen spoofing Paypal’s site.
We can’t say it often enough: don’t click links in emails. If you’re worried about a message you may have received from eBay or from Paypal, sign in to your account via the browser address bar *only*. If they have something they need to tell you, it will be there on the genuine site.