You are mostly right.

Google has an anti-phishing extension that does not try to detect fake Google sites. Instead it detects when a user use their Google credential on a non recognise Google website.

Sometimes, you could analyse the source of the page and see if the current page contains a recognised pattern and if the domain name is not whitelisted then show a warning.

All those methods are not 100% accurate or effective which is why I use a combo of methods to try catch as much cases as possible.