This is a "great" one. Apparently, there are so many Unicode characters that look just other Unicode characters but have a different code. Tailor-made for an identity attack. Try it out at this spoof Paypal site, it’s indistinguisable from the original!
A great illustration of why Kim’s 6th Law is an important idea, but extremely difficult to accomplish …
(Via Heise, in German)