A now-common technique used by phishing attacks changes the URL displayed in the Internet Explorer Address Bar by popping up a tiny window over it with the false address. One of the reasons this works is that it assumes the default location for the Address Bar. If you move the Address Bar, the window still pops up, but it's obvious that it's a false address.
We've seen this technique used in many real-world phishing attempts. It's a sensible method to use for the attacker because so many people leave IE untouched. You can move any of the menu or button bars in Internet Explorer by clicking and dragging the vertical line of dots at the left end of the bar. You can also put the Address Bar on the same line as the menus. If you have trouble moving these toolbars they may be locked. Right-click on an empty area of them and de-select 'Lock the Toolbar'.
