Behold, a password phishing site that can trick even savvy users
When we teach people how to avoid falling victim to phishing sites, we usually advise closely inspecting the address bar to make sure it does contain HTTPS and that it doesn't contain suspicious domains such as google.evildomain.com or substitute letters such as g00gle.com.
https://arstechnica.com/information-technology/2022/03/behold-a-password-phishing-site-that-can-trick-even-savvy-users/