ebay password phishing

Discussion in 'General Chat' started by chaoward, Sep 29, 2006.

  1. #1
    My girlfriend has been selling a lot of vintage items on ebay. She discovered that people have been listing items in the "weird" category, such as Kool-Aid packets, Fart-in-a-Jar, etc. Apparently the main reason people list these items (besides having some fun) is to get more traffic to the rest of their items.

    She experimented with this and listed a 1 week old head of lettuce that was starting to go bad. It did get a lot of traffic.

    Then she got a question from a buyer when she checked her email. The html in the email was a duplicate of what ebay normally sends, along with the subject. The "buyer" was excited and said he wanted to buy the whole head of lettuce for a good price. She then hit the "respond now" button in the email (which ebay normally has anyway) and it took her to the ebay "login" page, which seemed normal since you had to access your account to respond to the user.

    The next day she discovered a Ford Mustang had been listed on her account, leaving her with a whopping $42 listing fee :eek:. The password had been phished, and very cleverly so. Other login phishing pages on ebay had shown up before, but we always knew better.

    The good thing is that ebay caught on to the third party activity before they received her report and suspended her account. She was then quickly assisted with live help and got things back to normal again.

    It's good to see that ebay is very good about correcting these things, but what they REALLY need to do is what paypal does. Paypal never asks you to log in from a link straight from your email. They always advise that you log out of your email first, then manually type in paypal.com to log in. It surprises me that ebay hasn't had the common sense to do the same. :confused:

    As for the Ford Mustang, the pictures looked a little too professional, so they were probably stock photos, and the description was very vague. The password phisher said "if you want to buy it now, then email me at xxxxxxxx", which means it was probably some wire transfer scam or something of that nature.
     
    chaoward, Sep 29, 2006