1. In some circumstances, the trust relationship is created and then immediately abused. For example, an attacker might attempt to extract login credentials from an organization's helpdesk by convincing the technician that they are a legitimate user in some kind of unusual situation that requires standard procedures to be bypassed.
2. This can sometimes be detected by the use of a non-standard HTTP port embedded in the target URL.
3. This also allows the phishing scam to only focus on the users that use browsers with specific security vulnerabilities or that use browsers with specific functionality.
4. Two-channel authentication requires the user to authenticate over two different mediums. For example, part of the authentication would involve the bank sending a challenge via SMS, and the user replying via SMS.
5. This would still leave the user vulnerable to a DNS poisoning attack; however, it would defeat a significant percentage of phishing attacks, which rely on malformed or disguised URLs.
6. Hackers, crackers and script kiddies.