I think an animated agent (like the old Office Assistants of MS Office) could help here; whenever a site displays a form the agent could appear in the corner of the window with a face that communicates 'OK' or 'not sure who you're talking to here', and a banner saying what the website is and whether it is verified.
So when going to a plain http: page hosted at google.com the little guy would shake his head, or wag his finger, and point out that (a) anybody can see the password you're entering as it goes across the wire, and (b) this is a page at Google.
(Five years ago this would have generated too many warnings all over the web, but nowadays major sites are increasingly using https.)
Browsers do have a well-intentioned warning that you are submitting form data over an insecure connection, but it's so annoying that everyone turns it off immediately. A notification that (mostly) gets out of your way and lets you continue to enter the data if you want, but communicates security concerns in a more human way, might do a better job of getting users to think before they click.
Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds