We've use Facebook as our first stage of research in which we delete the login form, replace the login button with JavaScript which will redirect user to a notification page which
tells them this is a
phishing site and also
telling them how to prevent this vulnerability.