- Fake login pages are the foundation of phishing scams set to steal your credentials.
- According to a new security report, currently, there are more than 9.500 Microsoft active fake pages.
- To stay protected, visit our Security & Privacy section for the right tools.
- If you haven't read the latest stories from the digital world, visit our News Hub.
We have already seen a serious increase in malware and phishing attacks due to the fact that people are forced to work from home.
Now we need another reason for you to keep your eyes open at all times when you log in to what they seem familiar locations.
According to a report released by security experts from IRONSCALES, there are more than 9.500 Microsoft fake login pages out there, ready to steal your credentials.
What are the top companies affected by fake login pages?
The researchers spent the first half of 2020 to identify fake login pages used for support hacks and phishing campaigns.
They detected more than 50.000 fake login pages and approximately 2.500 of them were polymorphic which means that they changed to mimic the likeness of the page depending on the victim’s prerequisites.
The most commonly selected victims for these phishing attacks worked in the financial, healthcare, and technology industries but also targeted government agencies.
On the top of the list is PayPal followed closely by Microsoft and Facebook.
How can a fake login page affect you?
PayPal can affect millions of people and losing the credentials may result in the direct loss of your earnings stored there.
However, the more concerning risk comes from the 9.500 fake login pages that can affect not only personal accounts but also company accounts for Office 365, SharePoint, and One Drive.
That means, of course, that whole businesses can be put to danger by this sort of issue. And not long ago we signaled a new Office 365 phishing campaign.
Usually, you receive an e-mail that appears legitimate and a link guiding you to the fake login page with a purpose that also seems legitimate.
Most of these messages are very hard to be detected by spam filters or any other technical controls so the only real filter is you.
The only solution for avoiding phishing and fake login pages is to carefully analyze the e-mails you open, the purpose of the message and, if you get there, the target page that you are about to log in to.
If you’ve been a phishing or fake login page victim, tell us your story in the Comments section below.