Behold, a password phishing site that can trick even savvy users (arstechnica.com)
43 points by incomplete on March 21, 2022 | 9 comments



Creating fake dialogue boxes and windows is nothing new; that has been around forever. Maybe using CSS to determine the OS/browser and mimic each one’s style is the new concept. I’ll believe it when someone can show me a webpage that proves it live.


This goes way back to the bad old days of 90s web popups that attempted to look like Windows dialogs.

Luckily for everyone the spammers couldn't resist the temptation to throw in a few brightly coloured police tape GIFs, radiation symbols, typos, bold fonts in about 6 sizes and otherwise generally spoil the illusion.


Anecdata, but I think this method is popular with Steam phishing sites. I have received a few links that mimicked the Steam web login prompt with a Windows window appearance.


This is another reason I use a password manager. I will rarely ever manually type or paste my password anywhere.


My friend, who is the security-minded administrator of a somewhat huge public XMPP server, told me that he always disables Autofill/AutoType. He uses KeePassXC and manually copy-pastes his details into forms. Said that he doesn't trust autofilling because of JavaScript exploits which would compromise his passwords. I don't recall if he mentioned it or not, but I'm pretty sure he also uses some utility that wipes his clipboard every so often (if KeePassXC doesn't do that automatically).


This seems like it’s actually breaking his defenses when it comes specifically to phishing, though, since a fake site wouldn’t trigger autofill.
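
The point made in the comments above, that autofill would not fire on a spoofed login window, as an added example that is not part of any comment in the thread and not any real password manager's code. The hostnames, the saved entry and the `shouldAutofill` / `simulateLogin` helpers are constructed assumptions; the model fills only on an exact HTTPS origin match with the document that actually hosts the form.

```javascript
// Added illustration (not from the thread or any password manager's source).
// Models the origin check behind autofill: the decision uses the URL of the
// document that actually hosts the form, never text the page draws on screen.

// Constructed sample entry; all hostnames below are placeholders.
const savedEntry = { origin: "https://login.example.com", username: "alice" };

function shouldAutofill(entry, documentUrl) {
  let saved, actual;
  try {
    saved = new URL(entry.origin);
    actual = new URL(documentUrl);
  } catch {
    return false; // unparseable URL: refuse to fill
  }
  // Exact scheme + host + port match. No suffix or substring matching,
  // so lookalike and subdomain-prefix hosts are rejected.
  return actual.protocol === "https:" && saved.origin === actual.origin;
}

// A spoofed in-page "popup" is only HTML/CSS inside the outer document.
// Whatever its drawn address bar says, the form lives on the outer page.
function simulateLogin(page) {
  return {
    drawnAddressBar: page.fakeAddressBarText ?? page.documentUrl,
    autofilled: shouldAutofill(savedEntry, page.documentUrl),
  };
}

const cases = [
  { name: "genuine popup window", documentUrl: "https://login.example.com/oauth" },
  { name: "CSS-drawn fake window",
    documentUrl: "https://phish.example.net/promo",
    fakeAddressBarText: "https://login.example.com/oauth" },
  { name: "subdomain-prefix lookalike",
    documentUrl: "https://login.example.com.phish.example.net/" },
  { name: "plain-HTTP downgrade", documentUrl: "http://login.example.com/oauth" },
];

for (const c of cases) {
  const r = simulateLogin(c);
  console.log(`${c.name}: bar shows ${r.drawnAddressBar} -> autofill=${r.autofilled}`);
}
```

Copy-pasting from the manager skips this check entirely, which is why a missing autofill offer on a familiar-looking login form is itself a signal worth stopping for.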


The article does provide a test to distinguish authentic login pages from ones spoofed via CSS:

>Genuine OAuth or payment windows are in fact separate browser instances that are distinct from the primary page. That means a user can resize them and move them anywhere on the monitor, including outside the primary window.


Using an uncommon browser with non-default settings on an uncommon OS makes me a good target for fingerprinting. Seems this kind of stuff is the upside now, where I would easily spot the differences (probably, would also like to interact with a working example).


I'll definitely see the difference with my gtk theme lol



