Most phishing attacks – links that send you to a fake website in the hope that you’ll login with your real credentials – are usually easy to detect. Emails are often generic, rather than using your registered name. Grammar is poor or the wording is weird. The email will threaten closure of your account if you don’t take urgent action, and so on.

If you did miss all these clues and click on the link, the URL would show that it’s not really the site that it claims to be. But one demonstration site created by a Chinese security researcher shows how it’s possible to visit a fake website that seemingly shows the correct https://www.apple.com URL in a browser window …

more…