There is a case where you access the fake site even though it is a correct URL
TREZOR, which provides an online wallet service for cryptographic currencies such as bit coins, reported on the blog that "traffic is hijacked" in some cases.
[PSA] Phishing Alert: Fake Trezor Wallet website - TREZOR Blog
July 2, 2018, TREZOR announced on their blog that their wallet service is being attacked. According to the blog, TREZOR 's support team received a query from the customer about an unauthorized SSL certificate that the situation was discovered. The image when accessing the fake phishing site published by TREZOR is as follows and the domain displayed in the URL is the same as the correct site "wallet.trezor.io", but for https communication The SSL certificate to be used is incorrect and you can see that "Not secure" is displayed in the address bar of the browser.
I do not know the method used for the attack, but even if I enter the correct URL, since I accessed the fake site, it is possible to think of methods such as DNS cache poisoning and BGP hijacking . BGP Hijack is an attack used to hijack Internet traffic and was used in the following cases in 2017 and 2018 in the following cases.
Amazon's DNS service "Route 53" is attacked and virtual currency with a market price of 16 million yen is deprived from users
In addition to checking whether the URL of the website you are accessing is correct, you can check whether the site you visited is really a site with that URL by using https (SSL) for communication. TREZOR makes a comment on "twitter" to make sure that you are doing legitimate https communication ".
PSA: Phishing. We have encountered a clone of Trezor Wallet, tricking users to divulge their recovery seed. Always check for a valid https connection while using https://t.co/rTfKn8bzIL .- TREZOR (@ TREZOR) July 1, 2018
Device Itself Can The Be Trusted;. Make Sure To Verify All Actions On The Trezor Screen Pic.Twitter.Com/or8Lw6M265
If you connect to fake site via https, you get a certificate error, but in case of http connection you can not notice that you are connected to fake site. Google announces a policy to make sure that the indication "unsafe" appears when connecting with http with Chrome browser.
Google intends to display sites not protected by HTTPS clearly as "unsafe" in the Chrome browser - GIGAZINE