๐Ÿšจ Phishing Alert: Fake Login Pages & Credential Theft on the Rise

By -

We want to alert everyone to a sharp increase in phishing emails targeting staff—especially those involving fake login pages for major services like Google, DocuSign, Dropbox, and others.

These scams are becoming more sophisticated and convincing, and we want to ensure you’re equipped to spot them before they cause damage.

⚠️ What’s Happening

You may receive an email that looks like a legitimate request from a school we partner with or a service you recognize. It might ask you to:

  • Sign a document (e.g., DocuSign)

  • Open a shared file (e.g., Google Drive, Dropbox)

  • View secure student records

But here’s the trick:
These emails often contain a link that leads you to a fake login page—most commonly a Google sign-in page that looks nearly identical to the real thing.

Once you enter your email and password, the next screen will ask for your two-step verification code. It all feels normal… until it’s too late.

๐Ÿ”“ Why This Is So Dangerous

These attackers aren’t just phishing for your password—they’re now intercepting your Multi-Factor Authentication (MFA) codes too.

Here’s how:

  1. You receive a fake email prompting you to log in.

  2. You click the link and enter your real Google credentials on a fake Google page.

  3. The attacker, often using an automated bot, logs into your real account from another device in real time.

  4. When you enter your MFA code on the fake page, the attacker copies it into the real login, and just like that—they’re in.

๐Ÿง  How to Stay Safe

These phishing attempts can be incredibly convincing. Here’s what to look for:

Check๐Ÿงจ Red Flag
Email addressLegitimate login emails should come from the actual domain (e.g., @docusign.com, @dropbox.com, @google.com). If it's from someone else—even a partner school—be cautious.
Link destinationHover over links (without clicking!) to preview where they lead. If it doesn’t start with a real site (like https://accounts.google.com), don’t trust it.
AttachmentsPDFs or shared files that contain links to login pages are a big warning sign. Real file shares usually open directly without requiring unexpected credentials.
Login page detailsCheck the browser’s address bar. Real Google login pages will always be hosted on accounts.google.com with a secure lock icon. Fake sites may use slightly altered URLs or miss security indicators.
Urgency or pressureIf the message makes you feel like you need to act fast, slow down—that’s a classic phishing tactic.

๐Ÿ“ฌ What To Do If You’re Not Sure

If you receive an unexpected request—especially one asking you to enter your Google login or any credentials to view a file or sign a document—do not click any links. Instead:

Forward the email immediately to your tech support.

They will inspect the message and let you know if it’s legitimate.

๐Ÿ™Œ Thanks for Staying Alert

We know you’re juggling a lot this time of year, and that makes it easy to miss small red flags. That’s exactly what attackers are counting on.

Your attentiveness is one of our most powerful tools in keeping our network secure.
If you're ever in doubt, ask us first—click second.






Comments

Post a Comment

Popular posts from this blog

How to Manage Screen Time for Kids and Teens

By -
 In today’s digital world, kids and teens are growing up surrounded by screens—from smartphones to tablets, laptops, and gaming consoles. While technology offers tremendous educational and social benefits, balancing screen time is crucial for young people’s health and well-being. Here are some effective strategies for managing screen time to help kids develop healthy digital habits. 1. Set Age-Appropriate Screen Time Limits The American Academy of Pediatrics (AAP) offers general guidelines for screen time based on age, but every family is unique. Consider these as starting points: Ages 2-5 : Limit screen time to one hour of high-quality programming per day, preferably with a parent or caregiver to guide their experience. Ages 6 and older : Establish consistent screen time limits, focusing on balancing digital time with other activities like physical play, homework, and family time. Pro Tip : Work with your child to set achievable goals around screen time. When they have a say in cr...
Read more

Phishing in Google Drive: Recognizing Malicious File Sharing Requests

By -
 As educators increasingly rely on Google Drive to share lesson plans, collaborate on documents, and store sensitive information, phishing scams are evolving to exploit this environment. Instead of focusing solely on email, attackers now create convincing file-sharing requests to trick users into granting access or sharing login credentials. Understanding these tactics and spotting suspicious requests is essential for keeping your school community safe. How Phishing in Google Drive Works Traditional phishing attempts often come in emails directing you to fake login pages or malicious attachments. When it comes to Google Drive, attackers use a similar strategy but with a twist: Fake Shared Documents : Scammers may send a legitimate-looking email notification that a file or folder has been shared with you. At first glance, it looks like a standard Google Drive alert. Misleading Links and Fake Previews : The shared link might take you to a deceptive login page or a document embedded w...
Read more

Using Gmail Filters to Reduce the Risk of Phishing Emails

By -
  Phishing emails constantly threaten educators and school staff as cybercriminals grow more creative in their attempts to steal sensitive information. While tools like spam detection and built-in security features offer a first line of defense, you can take additional steps to protect your inbox. One effective method is using Gmail filters to automatically sort, label, or even delete suspicious messages before you’re tempted to click. In this post, we’ll show you how to set up and manage Gmail filters to help reduce your risk of falling for phishing scams. Why Use Gmail Filters for Phishing Defense? Gmail’s filtering system allows you to create custom rules for incoming emails. By setting up filters, you can: Identify High-Risk Messages : Automatically flag emails from unknown senders, suspicious domains, or those containing certain trigger words. Reduce Inbox Clutter : Move questionable emails into separate folders so you can review them later without exposing yourself to risk in...
Read more