Now here’s a good idea. Why don’t they create a global top-level domain .bank? It would only be available to registered banks, and it’d make building a phishing site much more difficult, because it’s far easier to train your users to only type your bank details into a “.bank” domain.
The problem is that domain registrars are far too lazy to actually do any checks (other than “is this domain already taken”) which means it’s not hard for any Joe to come along and register citibank-signin.com (or whatever – assuming that’s not already taken, of course).
At least a .bank domain can be handled by an entity that actually cares about phishing – like a bank, for example (actually, probably some consortium of banks or something).
Unfortunately, it doesn’t help ebay or paypal or whatever, but it’s a step in the right direction, I’m sure.