This article on Network world highlights how even those alert phishing are fooled. It speaks to the need that a better ceremonial experience to sign into sites and do mutual authentication that Kim Cameron has proposed become standard.
A new study by reseachers at Harvard and Berkeley showed that 90% of participants were fooled by a clever phish — and this was while the participants were actively on alert for phishes.
By simply changing the spelling of Bank of the West from www.bankofthewest to www.bankofthevvest, people were fooled into thinking they were on a real site. The researchers say Web site designers need to come up with a better way to help customers determine when a site is a phish.