🚨 Phishing Alert: Fake Login Pages & Credential Theft on the Rise
We want to alert everyone to a sharp increase in phishing emails targeting staff—especially those involving fake login pages for major services like Google, DocuSign, Dropbox, and others.
These scams are becoming more sophisticated and convincing, and we want to ensure you’re equipped to spot them before they cause damage.
⚠️ What’s Happening
You may receive an email that looks like a legitimate request from a school we partner with or a service you recognize. It might ask you to:
- Sign a document (e.g., DocuSign)
- Open a shared file (e.g., Google Drive, Dropbox)
- View secure student records
But here’s the trick:
These emails often contain a link that leads you to a fake login page—most commonly a Google sign-in page that looks nearly identical to the real thing.
Once you enter your email and password, the next screen will ask for your two-step verification code. It all feels normal… until it’s too late.
Why This Is So Dangerous
These attackers aren’t just phishing for your password—they’re now intercepting your Multi-Factor Authentication (MFA) codes too.
Here’s how:
- You receive a fake email prompting you to log in.
- You click the link and enter your real Google credentials on a fake Google page.
- The attacker, often using an automated bot, logs into your real account from another device in real time.
- When you enter your MFA code on the fake page, the attacker copies it into the real login, and just like that—they’re in.
How to Stay Safe
These phishing attempts can be incredibly convincing. Here’s what to look for:
✅ Check | 🧨 Red Flag |
---|---|
Email address | Legitimate login emails should come from the actual domain (e.g., @docusign.com, @dropbox.com, @google.com). If it's from someone else—even a partner school—be cautious. |
Link destination | Hover over links (without clicking!) to preview where they lead. If it doesn’t start with a real site (like https://accounts.google.com), don’t trust it. |
Attachments | PDFs or shared files that contain links to login pages are a big warning sign. Real file shares usually open directly without requiring unexpected credentials. |
Login page details | Check the browser’s address bar. Real Google login pages will always be hosted on accounts.google.com with a secure lock icon. Fake sites may use slightly altered URLs or miss security indicators. |
Urgency or pressure | If the message makes you feel like you need to act fast, slow down—that’s a classic phishing tactic. |
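
For whoever triages forwarded emails, the link-destination and address-bar checks from the table can be scripted. This is an added example, not part of the original post: the flag names and the `.example` links are constructed, and the only trusted host is `accounts.google.com`, as stated above.

```python
from urllib.parse import urlsplit

# Assumption: the only trusted sign-in host is the one the post names.
TRUSTED_LOGIN_HOSTS = frozenset({"accounts.google.com"})

def check_login_link(url, trusted=TRUSTED_LOGIN_HOSTS):
    """Return red-flag codes for a link; an empty list means every check passed."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return ["unparseable"]
    flags = []
    if parts.scheme != "https":
        flags.append("not-https")
    # "https://trusted-name@other-host/" really goes to other-host.
    if parts.username is not None:
        flags.append("userinfo")
    # Look-alike letters show up as non-ASCII or punycode ("xn--") labels.
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        flags.append("non-ascii-or-punycode")
    if host not in trusted:
        flags.append("untrusted-host")
        # A trusted name used as a prefix or label of some other domain.
        if any(name in host for name in trusted):
            flags.append("embeds-trusted-name")
    return flags

# Constructed sample links (".example" is a reserved test domain).
SAMPLES = [
    "https://accounts.google.com/signin/v2/identifier",
    "https://accounts.google.com.login-verify.example/signin",
    "https://accounts.google.com@phish.example/",
    "http://accounts.google.com/",
    "https://\u0430ccounts.google.com/",  # first letter is Cyrillic
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_login_link(link) or "ok")
```

An empty result only means the link points at the real sign-in host over HTTPS; the other checks in the table still apply.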
What To Do If You’re Not Sure
If you receive an unexpected request—especially one asking you to enter your Google login or any credentials to view a file or sign a document—do not click any links. Instead:
✅ Forward the email immediately to your tech support.
They will inspect the message and let you know if it’s legitimate.
Thanks for Staying Alert
We know you’re juggling a lot this time of year, and that makes it easy to miss small red flags. That’s exactly what attackers are counting on.
Your attentiveness is one of our most powerful tools in keeping our network secure.
If you're ever in doubt, ask us first—click second.