Try this in Firefox on a Mac for a live proof of concept. Otherwise, check out the videos!
What is this?
What's happening in this example?
In the latest version of Firefox which is where the videos are from (68.0.2), they've added some overlap which helps differentiate them if you're observant.
How do I not get phished?
The only part of this that I can't replicate is the fact that the real prompt takes over your entire window, and disallows you from switching tabs or opening new ones. Next time you get a prompt, make sure you can't switch to a new tab before entering your password in. The latest version of Firefox has some overlap outside of the canvas which can be spotted with a keen eye. I believe that slight overlap was introduced in the Firefox 68 design, the placement in Firefox 67 is almost an exact match to this fake prompt.
How can Firefox fix this?
They can redesign the prompt such that they collect the password from outside the canvas, making it impossible for a website to fake. They can also show a trust signal, such as an image or username which a malicious site would have to guess.