It was like a perfect storm. First, I've sold stuff on eBay recently (my Mac mini), so when I got an email from eBay with a buyer asking me when I was going to send the item, it made sense. Secondly, I got the email late at night, so I wasn't thinking and stupidly clicked the "respond" link in the email itself. Finally, I was at the time setting up my new laptop from work, so it didn't surprise me that none of my passwords entered automatically as they would have been on a machine I used regularly.
Thus, I logged in with my username and password to http://signin.ebay.com.regsip.tk . Joy. When I went to find the message and it wasn't there, alarm bells went off and I realized what happened and changed my password immediately. HOPEFULLY that's it - I say hopefully, because maybe the phishers were smart enough to log in and keep a session open? Also, since my PayPal password was the same, I changed that as well. And since my Yahoo password was the same as those, I changed it too... (and so on). I'm SUCH a moron. Man, just when you think you're immune to this stuff because you're a hip power-user etc. etc., you get caught. Not only am I annoyed at myself, I can't tell you the seething hatred I have for the guy on the other end of that phishing site as well.
This is a good reminder though - I've been meaning to organize and change my passwords to something new and secure for a variety of sites - everything from Yahoo! through iTunes to Amazon to eBay and PayPal and more. Now's a good a time as any.