The actual mechanism by which this theft occurs is quite simple, if the spoof email does not present you with a form to enter sensitive date, it will attempt to direct you to a genuine looking but forged page. There is an eventual point at which the theft occurs, but it is not always from within the email itself. So, at some point you will be asked to enter your login info and/or credit or debit card numbers, bank account details and perhaps your social security number (you might even be asked for the answer to your password reminder question in an attempt to add a further sense of authenticity).
Once this is done, the sensitive information is relayed to, or retrieved, by the fraudsters with the clever use of some code in the email, web page, by utilising an online mail form processing service or by hacking into an existing one (in many cases a high level of knowledge in web design is needed).
In most cases, the perpetrators will want your information to gain control of things like your eBay account, Credit Card and email account and they may further utilise any information you inadvertantly give them to gain credit in your name. This can destroy your financial status quite quickly and recovery can be very lengthy and difficult.
I would like to finish by saying, that everyone should be cautious of any email they recieve from a person they have had no prior contact from. Please beware as I would hate anyone to be scammed. It's sick. So if you found my guide helpful please go ahead and vote positively for it.