When a user visits the demo URL with a vulnerable browser, he is presented with what looks like the Apple home page, with a small dialog box at the top. Pressing the demo button in the box will open a new browser window that shows “www.apple.com” in the address bar and looks exactly like the company’s site, save for a small line of text at the top. However, that page is sitting on the MajorSecurity server.
Tactics like this one are rampant on desktop browsers and are a common part of phishing campaigns and other organized attacks. These attacks often succeed even with forgeries that aren’t anywhere near perfect. If attackers can drive victims to a forged site that’s an exact copy of the legitimate one and displays the proper URL, they’re in good shape.