[via Boing Boing]
[Note: This doesn't work with IE, because IE doesn't support Unicode in domain names. The laziness of the IE team has saved them from this exploit]
First, open this page (the phished page): http://www.paypal.com
Them open this page (the original):
Check the url for both. Check the link you are going to for both. Identical ? But both go to different sites.
For an explanation, click here.