SSLstrip substitutes a fake "padlock" icon for the site's favicon. Crude but effective.
"SSL Inspection" proxies the victim through an actual HTTPS connection, so it's less obvious, but the attacker must install their own root cert on the victim's computer (corporate PC, or via malware, or via dumb PC manufacturers) - unless they've obtained the private key for a "real" root cert...