Below you find three links to the page http://www.postbank.nl/.
The first - no tricks here.
Click and see - yes, this is the postbank. Click on "Log in" (upper right). See - yes, the correct Login window. Close these windows again.
With Pop-up Blocker
Without Pop-up Blocker
You get the same page http://www.postbank.nl/ again, but this time we plan to hijack it. Click the Login link on that page. If your browser is vulnerable, then the login page will be replaced by a fake one. If you want to try again, please refresh this page.
Read the page source and understand what happens.