| ▲ | jaggirs 9 days ago | |
In your example, the user is logging in to BAD.com, thinking it is GOOD.com. In the OP's example, the user is logging in to BAD.com intentionally, but his GOOD.com account is still hacked into. This is a lot harder for the user to catch on to. | ||
| ▲ | account42 9 days ago | parent [-] | |
Specifically, that OP describes sounds like a plausible log-in-with-big-tech-company flow that is really common these days. | ||