I haven't seen this method of using Google in a phishing scheme before. 

The URL displayed like this:
www.citibank.com/?qSEMndGSGqMburfeUKU84ew3p36o9d7i1uVI93ZDK6f4z3KrnhLpZ3h087h

But it was actually something like this:
http://www.google.com/url?q=http://www.google.com/url?q=http://www.google.com/url?q=http://blogs.geekdojo.net/brian

Except the end of the URL wasn't http://blogs.geekdojo.net/brian, It was a completely encoded string pointing to the actual Phishers website. 

The site spawned the typical Citi Bank looking pop-up asking for a username, pin, and checking account number and it redirected the main window to the actual Citi Bank site.

This should be a Federal Crime with mandatory jail time.  Even though I try to keep my less than computer savvy family informed of this kind of scum, I still worry about what they may get tricked into doing.