I’ve spoken to hundreds of leaders and managers as we’ve started Lighthouse and one common pattern we’ve found is somewhere around 25 employees, everything breaks.
The note contained a bit.ly link which redirected to a shrturl.co link which then displayed the article.
Shrturl does a surprisingly thorough job of cloning the original site, the headers, footer and styling are copied verbatim. It then allows you to click on any text on the page and replace it with your own. Saving your changes gives you a shrturl.co and a bit.ly link to share. (In fact, you can try it on this post!)
The copy is so convincing that the only way to tell it is not a legitimate article is by looking at the URL. (That, and I assumed that since the real version of this article came out only a day before, people would have recognized the headline and story.)
Interestingly, just days ago, Apple showed off the next version of OS X at WWDC, in which Safari no longer shows the full URL in the address bar.
And in 2011, Google was testing a new design of Chrome which hid the URL bar entirely by default. Fortunately that didn't make it to a released version of Chrome, since the URL is often the only thing standing between you and a phishing attack.
URLs have been the basis of the Web since the beginning, and are still the only reliable way to tell if you're really looking at the site you think you're looking at.
Don Park brought up an excellent point in a reply on Twitter, that this is a "good demonstration of how browsers have room to make a stronger user experience of connecting the content to the URL."
Clearly this is true, since some people were fooled by this fake article despite it being on a different domain.
The browsers' current behavior of displaying the whole URL is not sufficient. Maybe what we will see in the next versions of Safari and Chrome, showing only the domain of the URL will help, since it will make the domain name easier to spot without the noise of the rest of the URL. Or maybe there is a better solution nobody has thought of yet.
In the mean time, make sure you double check the actual URL of the page you're reading before believing anything you read!