Doesn't seem like it would be disproportionate effort on the part of finance industry and browser developers to mitigate this. Institutions could forward their login pages to developers via an industry supported registry. Browsers could look at URLs, text, code and appearance (perceptual hashes, OCR), then issue a warning if the user navigates to a page that's suspiciously similar to a registered page. You might be able to improve on that by having a standard HTML section for bank login pages which prohibits text chopping/combining, text as graphics/unicode homoglyphs etc. Just an additional warning that a login page is being visited for the first time would help. I suppose that scamers might stop using input elements altogether, making it harder to determine that a page is a login page.