Phishing attackers can play with web addresses in a number of ways to trick you into following the link:
Hiding the link with a link shortener (bit.ly, goo.gl, etc)
Hiding the link under a “Click here” or similar button
Substituting numbers for letters (the number 0 for the letter o, as in “dr0pb0x.com”)
Spelling an existing address incorrectly (Facbook.com instead of Facebook.com)