This is a combination of techniques that may mitigate password phishing: combine a whitelist + warning pop-up with prominent display of target domain and a time-delayed button. http://dready.org/blog/2007/01/22/browser-based-mitigation-of-phishing-attacks/ Comments are most welcome. =wil