We're hardly the people in question
I think it's only fair to point out that anybody reading this is extremely unlikely to be the victim of fishing (who the fuck called it phishing? Is it those asshats that call stuff e-Account, i-Crap and cyberwossit?).
As someone pointed out above, it's when the URL "looks like" a bank's URL to the casual unsavvy observer.
Sadly we're all going to get those little card reading gizmos that essentially mean for a short time the fraudsters will be unable to operate... until they develop their software to log in to a bank account and then pass the request for the code back to the user. At that point I can't see the gizmos being much use.
So if browsers get advanced and have a bar that says "THIS IS YOUR BANK" then it'll be trojans that will be relied on... hosts file = THIS IS YOUR BANK.
The only way I can think of that would be mainly effective is requiring people to make a telephone call, type in a PIN code and then when a number is read out use that to log in. Sadly though fraudsters will then just try to propagate false numbers. But I suspect BT would be quicker to act on those numbers than the "Internet Police" - which don't really exist (and please Labour don't try to make them).
There's a very low incidence of fraudsters sending fake letters to people at the moment, I guess because it's easier to just get dumb people to type in their details. But when doing it by the internet doesn't work, you can bet that the fraudsters will start sending out headed letters saying to call this number to verify themselves or whatever.
Ultimately though there's no way to absolutely prevent it - other than educating every single person that uses the internet on how to spot a fake URL, and how to ensure their system isn't compromised. And even then there's the frequent security holes and the potential to alter hosts files.