Well, I wouldn’t call fake phishing attack exactly “in” Windows 8. A phishing attack is a bit like saying a bank is insecure because a criminal could put scantily-clad women outside a bank and lure the security guards out. Phishing attacks trick people into supplying sensitive information, or worse, downloading software. It preys on human weakness and ignorance, and isn’t per se a flaw in software.

That’s why security alerts cause the entire background to go dark when they popup (they’ve been doing that since Vista)…because it makes it more obvious. Of course, that doesn’t stop people from making popups on web pages that look like the built-in security popup…minus the blacked-out background.