News from NetCraft:

Visual spoofing, as outlined by Don Park, uses javascript links to launch a new browser window without scrollbars, menubars, toolbars and the status bar. This coding trick is commonly used to launch pop-up ads. In visual spoofing, these GUI elements are replaced by images, allowing the site creator to substitute a fake status bar containing the URL for a legitimate site, along with an image of a "lock" indicating a secure SSL site. Park has posted a demo of the technique, which works in multiple browsers. End users have the ability to configure their browser to prevent this behavior.

Gotta give the real hackers (no, Ivana, I'm not talking about you) some credit. This one would take a lot of work (once).

TTFN - Kent