More and more phishing emails can be traced back to compromised home PCs. For example, one that purported to be from CitiBank used the URL https://web.da-us.citibank.com/cgi-bin/citifi/scripts/login2/login.jsp?, but if you looked at the source it was really sending you to 18.104.22.168, which resolves to adsl-68-72-96-25.dsl.chcgil.ameritech.net - probably a home user of Ameritech's DSL service whose PC has been compromised.
Even the simplest NAT firewall turned on at the DSL modem would stop this from working, the firewall in XP SP2 might as well. So, two easy steps to make it harder at that end.
But what really needs to change is the browser. There has to be a warning that the displayed destination is not where the browser is really going. Imagine if telephones allowed you to dial 800 BUY BOOK and it didn't take you to 900 280-2665, instead it took you to a credit hackers telephone. You'd be screaming at whoever sold you that phone. Unfortunately, the browser world has stagnated since Netscreen went down the dumper - maybe a bit of Firefox adoption will stir some innovation.