This, to the untrained eye, might at first glance look like a paypal.com link. In fact, it belongs to verified-account.com and it abuses the capability of URLs to contain a username and password to make it look legit.
Wow, I knew Firefox warns for these by default so I thought nobody would ever use this for a phishing attack anymore but it looks like Chrome just meekly follows the standard. That's too bad, really, this is a very easy way to create very realistic phishing mails.
You are about to log in to the site “google.com” with the username “www%2Epaypal%2Ecom”, but the website does not require authentication. This may be an attempt to trick you.
Is “google.com” the site you want to visit?
From the error message it sounds like if this was an attacker controlled site configured to require authentication it wouldn't trigger? If so it's not that useful a defense since whether to require auth is entirely under the attacker's control.
Could you give an example? As far as I know, you cannot do something like making a link look like it belongs to a completely different domain.