I got a rash of these things right after I went to a web site that promoted certain night clubs and you "voted" for one artist or another to get a gig at one or the other of the venues.
Of course, to "vote", you had to give them your e-mail address.
You might think, 'coincidence', but I had two addresses and they both started getting phished at the same time.
The "notice" from "eBay" is identical in form in every instance (right down to the same phony link in the body of it), even though they don't ever come from the same originating IP.
Do not click ANYWHERE in the notice. If you 'hover' your pointer over the "notice" you will see in your browser's status bar that the actual link is not what is stated in the body of the "notice" - it's entirely a different URL.
And unlike ordinary links, it's not just 'over' the hypertext-looking part of the notice, you can see the activity on the status bar no matter where on the "notice" you hover.
To see some of these discrepancies and others, you can pick the "full headers" option on your e-mail program.
The great part is, I don't even HAVE an eBay account, or even PayPal -- they both suck for many reasons, but the firearms issue would be enough to keep me away anyhow.