unless scammers also get EV certificates
... it is not that much of a problem. Yes, uneducated users will assume that connection is safe if "https" is present in the URL window, but they should also know to check for whom the certificate had been issued. It is very easy to do. Like most other things in computer security it is an education issue, and not something that technology can address directly.
Biting the hand that feeds IT
