this is a new commonality... i actually fell into it a few days ago... the
sending email looks very legit, but look at the domain... any
aw-confirm@xxxxxxxx is the
spoof.... its
aw-confirm@xxxxxxxx all
lowercase letters.... as soon as i "logged in" while i was already on an
open ebay page.. i realized within less than a minute something was wrong, if
you're signed in during a computer session, you can open and close an ebay
window many times, as long as you dont click "sign out" before signing offline,
youre still signed in... i was already signed in, and when asked to do so
again... that put up the flag.
this does not apply to paypal however, your login is timed out if you back
arrow during a transaction, so multiple sign-ins with paypal are
understandable.... but remember, any email from paypal addresses you by
your full name.