The spoof test that was posted in the last couple of days - the status bar had a square box at the end of the fake URL (but nothing after it). When the link was clicked, the real link showed up in the address bar (with the %00 and everything).