The Mudcat Café TM
Thread #116838   Message #2511484
Posted By: semi-submersible
10-Dec-08 - 05:11 AM
Thread Name: BS: Nasty scam using PayPal
Subject: RE: BS: Nasty scam using PayPal
Genie:
Simple. Just type "paypal.com" or "ebay.com" into the address bar in your browser, and you'll leave all the phishers behind. Then you can log in and check that your account information is still right.

(If you want to keep things that simple, please ignore the rest of this post.)

You can also check whether you're still on the company's own website (e.g. after clicking links on a web page). Look at the address at the top of your browser window. If it starts with their domain (that is, if paypal or ebay is the last word before the ".com/" or country code) then you're still with the right company.

For example, look at the position of "ebay" in addresses like http.my.ebay.uk/ or https://signin.ebay.ca/ws/eBayISAPI.dll?SignIn. You know you're okay because "ebay.ca" (or .uk or .com or any other extension) is the domain (the last word before the .com or equivalent). Anything before that domain name, and anything after the first slash, just tells where you are within that domain.

On the other hand, if you ever happen to see an address such as www.ebay.xxx.com or xxx.com/ebay/ then be very suspicious, and report it to ebay.com immediately. Those web pages would be in Xxx.com's domain. Ebay'll be happy to sic the law on company Xxx.com for copyright violation or fraud, whichever can be proven.

Regarding incoming emails, the first thing to do is check the "From" address to make sure it is from the right domain. xxx@paypal.com is okay; paypal@xxx.ru is not.

If you weren't expecting an email from them, or something else makes you suspicious, your email program will allow you to "show all headers" on the suspicious email. In a few cases, the "From" field may be spoofed, but even in these cases the real originating domain can still be read in the other headers.
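
The domain check described in the post above, as an added example that is not part of the original post. It compares the host against an assumed allowlist of domains (TRUSTED_DOMAINS and the function names are hypothetical) instead of guessing where the domain ends, since endings differ by country.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed allowlist: the domains the reader actually means to visit.
TRUSTED_DOMAINS = {"ebay.com", "ebay.ca", "paypal.com"}


def in_trusted_domain(host, trusted=TRUSTED_DOMAINS):
    """True if host is a trusted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    # Match on a whole label boundary so "notebay.com" does not pass.
    return any(host == d or host.endswith("." + d) for d in trusted)


def url_is_trusted(url, trusted=TRUSTED_DOMAINS):
    """Judge a URL by its host only; path and query are ignored."""
    if "://" not in url:
        url = "//" + url  # address typed without a scheme
    return in_trusted_domain(urlsplit(url).hostname, trusted)


def sender_is_trusted(from_header, trusted=TRUSTED_DOMAINS):
    """Check the domain part of a From header (display name ignored).

    This reflects only what the From field claims, not the real origin.
    """
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return False
    return in_trusted_domain(addr.rpartition("@")[2], trusted)


if __name__ == "__main__":
    # Addresses taken from the post's own examples.
    for url in ("https://signin.ebay.ca/ws/eBayISAPI.dll?SignIn",
                "www.ebay.xxx.com", "xxx.com/ebay/"):
        print(url, "->", "ok" if url_is_trusted(url) else "SUSPICIOUS")
    for sender in ("xxx@paypal.com", "paypal@xxx.ru"):
        print(sender, "->", "ok" if sender_is_trusted(sender) else "SUSPICIOUS")
```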