Michael Horowitz has a good writeup on some of the trickery used by phishers and thieves to create real looking, but completely fake URLs.  While most of This Blog’s Faithful Readers know all these tricks, it’s a good overview of the “domain name trickery” going on out there.

In determining who really owns a domain name, the rightmost two parts of the name are all that matters, and the only thing that determines the rightmost two parts are periods. Thus a web site name such as “www.ebay.scammer.com” is really “scammer.com” and has nothing to do with eBay. 

Link here.