Yes you are right, looking the page source. Another method could be looking the autocomplete function. If the iframe is legitime then our browser will show us our user and the saved password, if it is a scam we will not see anything and it will ask us to write everything.
You are viewing a single comment's thread from:
A good password manager should help. I use Lastpass and I have to trust that it won't give a password to the wrong site. It's a serious risk when money is involved