Interesting observations. How then would you suggest improving security against phishing? For example Grandma gets an email saying "You have initiated a large wire transfer from your Building and Loan account. Please log in to confirm this transfer." The email includes a helpful link to building-and-loan.ru, which Grandma clicks and her woes begin. I should add that the building-and-loan.ru site is "verified by Equifax".

What about that?