toast, You're right, People will always get hacked. Does that mean we should make it easier for them to get hacked? The user isn't always wrong. Yes, maybe 80% of the time, someone opens a bad attachment, or visits [url]www.comegethacked.com[/url] but many times it's because they aren't computer smart, and don't have time/skill to verify the site or a certificate, and rely solely on their antivirus/antispyware to protect them.

By the way, I found a cool JavaScript injection to verify sites, here it is

Code:
javascript:alert("The actual URL is:\t\t" + location.protocol + "//" + location.hostname + "/" + "\nThe address URL is:\t\t" + location.href + "\n" + "\nIf the server names do not match, this may be a spoof.");