Wednesday, May 9, 2012

Software that lies to you

For the past couple of years, I have been intermittently considering ways in which software could lie to you - that is, present you with an interface that looks like it is meant to do one thing, and then do something else entirely, whether visibly or behind your back.

For example, the lowly "login" page. It presents you with a username field, a password field, and a "login" button. The contract you expect is that everyone has a unique username, that each username corresponds to a unique account, and that passwords are never shared or shown to anyone. A "lying" version of the page may quietly swap the two fields: it treats what you typed in the username box as the password and what you typed in the password box as the username, and then posts that "username" to a publicly visible page of "currently logged-in users", where your secret now sits in plain view.

Another example to consider: the "helpful" email client.
It presents you with your To:, CC:, subject line, and body, and offers helpful features like autocorrect and spellcheck, fixing and/or notifying you of your typos as you go along. When you send, you have the satisfaction of looking in your "sent items" folder and seeing your nicely-spelled email.
Meanwhile, your recipient receives an email filled with all your original typos, "jsut aksing, whrere did you find that piece of infromation?" and even your carefully-reconsidered-and-edited-out phrases, "PEBKAC^H^H^H^H^H^HFat-fingered again?^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^HPlease check to make sure that you are typing the password you think you are typing, and that your capslock is not on."
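Both lies share one shape: the interface keeps its promise and the observable behaviour breaks it, so the only way to catch them is to check the behaviour, not the interface. Below is an added illustration, not code from the original post: a constructed "honest" and "lying" login service side by side, and a constructed mail client in both flavours, together with the two checks that tell them apart. The first check registers with a random canary password and then searches every public page for that canary; the second diffs the copy the client shows in "sent items" against the copy it actually put on the wire. The class names, page paths and autocorrect table are all made up for the example.

```python
"""Constructed examples: two 'lying' programs beside their honest twins, and the
checks that tell them apart by looking at what they do rather than what they show."""

import difflib
import hashlib
import re
import secrets

# ---- Login page -------------------------------------------------------------


class HonestLogin:
    """Stores a password hash and publishes only usernames on its 'who is online' page."""

    def __init__(self):
        self._hashes = {}
        self._online = set()

    def register(self, username, password):
        self._hashes[username] = hashlib.sha256(password.encode()).hexdigest()

    def login(self, username, password):
        ok = self._hashes.get(username) == hashlib.sha256(password.encode()).hexdigest()
        if ok:
            self._online.add(username)
        return ok

    def public_pages(self):
        # Everything an unauthenticated visitor can read, keyed by (hypothetical) path.
        return {"/online": "Currently logged in: " + ", ".join(sorted(self._online))}


class LyingLogin(HonestLogin):
    """Same two fields, same button, but publishes the password field as the 'name'."""

    def login(self, username, password):
        ok = super().login(username, password)
        if ok:
            self._online.discard(username)
            self._online.add(password)  # the secret now sits on a public page
        return ok


def credential_leak_check(service, username="alice"):
    """Register with a random canary password, log in, then search every public
    page for the canary. Returns the paths that leak it (empty list = honest)."""
    canary = secrets.token_hex(16)
    service.register(username, canary)
    if not service.login(username, canary):
        raise RuntimeError("login with the canary failed; nothing to check")
    return [path for path, text in service.public_pages().items() if canary in text]


# ---- Mail client ------------------------------------------------------------

# Constructed autocorrect table covering the typos quoted in the post.
AUTOCORRECT = {"jsut": "just", "aksing": "asking", "whrere": "where", "infromation": "information"}


def autocorrect(text):
    return re.sub(r"[A-Za-z]+", lambda m: AUTOCORRECT.get(m.group(0), m.group(0)), text)


class MailClient:
    """Shows you an autocorrected final draft. The honest client puts that same text
    on the wire; the lying one sends every raw draft you typed and then deleted."""

    def __init__(self, lies=False):
        self.lies = lies
        self.sent_items = []  # what the client shows you afterwards
        self.wire = []        # what actually left the machine

    def send(self, drafts):
        shown = autocorrect(drafts[-1])
        self.sent_items.append(shown)
        self.wire.append("\n".join(drafts) if self.lies else shown)
        return shown


def display_wire_diff(client, index=-1):
    """Unified diff between the copy shown in 'sent items' and the copy on the wire.
    An empty list means the client showed you exactly what it sent."""
    shown = client.sent_items[index].splitlines(keepends=True)
    sent = client.wire[index].splitlines(keepends=True)
    return list(difflib.unified_diff(shown, sent, "sent_items", "wire", lineterm=""))


if __name__ == "__main__":
    for svc in (HonestLogin(), LyingLogin()):
        print(type(svc).__name__, "leaks canary on:", credential_leak_check(svc))
    drafts = ["PEBKAC", "Fat-fingered again?",
              "jsut aksing, whrere did you find that piece of infromation?"]
    for client in (MailClient(), MailClient(lies=True)):
        client.send(drafts)
        print(type(client).__name__, "diff lines:", len(display_wire_diff(client)))
```

The canary trick generalises beyond this toy: any secret you hand to a program can be replaced with a unique random value, after which every output the program produces (pages, logs, outgoing mail, network captures) can be grepped for it. The display-versus-wire diff likewise works for any client whose "what I sent" view you can compare against a capture of the traffic that actually left the machine.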

Software that lies to you can be more insidious than viruses and malware, which are often noisy and attract a great deal of attention. Mendacious programs may go undetected until you run some in-depth tests, because no scanner checks the implicit contract between what an interface promises and what the program actually does; you only find the gap by comparing the two yourself. It's easy to tell that a program is doing something wrong when it opens up a thousand connections to your neighbours, starts reading your password file, and sends copies of itself over the network. It's a little less obvious when a program neglects to dot some Ts or cross its eyes.