A colleague of mine pointed me to a new form of phishing attack. This type of attack uses changes a tab in the background from the loaded page to a well known login form, like gmail. The user will think that she/he wasn't logged in and will login. Resulting in sending their account to an unknown person.
Here's the proof of concept: http://www.azarask.in/blog/post/a-new-type-of-phishing-attack.