This is a little scary, because it's so simple. I have considered myself pretty much safe from phishing attacks, but this might be the one I might fall for:
It works like this: If you have several browser tabs open, then visit a website in one tab and then switch to another tab, the website might check if it has lost the focus - then change it's contents including title tag and it's favicon.
The tab that was called "widget site" before and had the "widget site" favicon, might now be called "Gmail" or "Paypal" in the tab, display the favicon of this website in it's tab and might have replaced it's contents with the login site.
More information and a demonstration here on Aza Raskins website:
Just open this website in a new tab, then switch to another tab and wait five seconds and see what happens.
It affects browsers differently. Most affected is Firefox. In Firefox Favicon, Title and Content is changed. In Internet Explorer it does not display a favicon at all and Opera does not display a new favicon. Chrome does not seem to be affected.