The subject line starts with your email address, plus: eBay Billing Update failed - SafeMsg: 54961. Says it’s from eBay Billing Update [billingupdate@ebay.com].

The copy:

Dear eBay member,
This is an automated message sent to you by eBay Billing Update.
We have recently tried to VeriCharge your credit or debit card we have on record for $0.01, and the charge was declined. The $0.01 charge is only to confirm that the credit or debit card that you submitted to eBay is current. The charge being declined was likely caused by your credit card being over its limit or that the account has been cancelled.
In order for us to keep your account open we need to verify the status of your credit or debit card. In furtherance all flagged accounts will be given a full 48 hours prior to eBay suspending your account. We thank you for your response and look forward to continuing to serve you.
Please click here: http://billing.ebay.com to proceed to our secure 128 bit SSL encrypted billing server.
Yours sincerely,
Dave Meyers
eBay Billing Department
This notice was sent to: (your email address)
Encrypted Security Key: Verisign v3.542
abfy 881220 54961 abfy 705312
54961 abfy 881220 54961 abfy 705312

Of course, when you right click on the message to view the source, you note that http://billing.ebay.com actually links to 211.218.39.155/ebay/index.html. You note other urls like http://216.212.44.60/images/ebay_logo_home.gif. Using the free trimMail Online Spam Fighting Tools, you track the urls to a Korean portable address and host44-60.birch.net. Obviously not ebay.

That easy task for one email message would be impossible to replicate on every message traveling through your mail servers. And even harder to teach users.

That’s why you can set trimMail Inbox to disable hidden phishing links like those above. When users click, nothing happens. The unsuspecting victim must either type in http://billing.ebay.com, which leads to nowhere, or give up… Also gives the user time to remember your training.

Everybody wins but the phisher.