"Most phishing attacks depend on an original deception. If you detect that you are at the wrong URL, or that something is amiss on a page, the chase is up. Youíve escaped the attackers. In fact, the time that wary people are most wary is exactly when they first navigate to a site. What we donít expect is that a page weíve been looking at will change behind our backs, when we arenít looking. Thatíll catch us by surprise," Mr. Raskin, explains
on his blog.
The attack proposed by the design expert has a Web page detect when the user changes focus from it and deceptively change its appearance. The booby-trapped page doesn't even have to be a rogue one. It can be part of a legit website that has been compromised via a technique that allows code injection.