Got spam today. Nothing special, but this one is interesting.
It looks like a message from eBay (my copy seems to be sent from Sweden — because of the message header). The title is "eBay Account Suspended". Everything looks correctly, it points to eBay site...well, seems to point. The HTML code probably says everything:
<b>To confirm your identity with us click here: </b><br> <a href="http://218.38.12.41/ebay/"> https://www.ebay.com/account/fraudverification/verification.asp?system=0x12
So it shows proper address, but really points to a different one. I'm not hidding the IP. There's a form on that site, looks like an eBay one, designed to get users' passwords.
Nice try, should work for many people. Only browser URL spoofing is missing.