The attacker can replace the current page with his own phising page.
Of course, the hostname part of the url would change, but the user is unlikely to notice that.
The attacker can replace the current page with his own phising page.
Of course, the hostname part of the url would change, but the user is unlikely to notice that.