I don't understand how something like this is even possible if the user's password is not compromised. I tried Googling about the DOM attack, but I couldn't find an explanation that I could understand given my current level of knowledge. Have there been previous cases similar to this? And how can we prevent and defend against these types of attacks?