🚨 Phishing Alert: Fake Login Pages & Credential Theft on the Rise

We want to alert everyone to a sharp increase in phishing emails targeting staff—especially those involving fake login pages for major services like Google, DocuSign, Dropbox, and others.

These scams are becoming more sophisticated and convincing, and we want to ensure you’re equipped to spot them before they cause damage.


⚠️ What’s Happening

You may receive an email that looks like a legitimate request from a school we partner with or a service you recognize. It might ask you to:

  • Sign a document (e.g., DocuSign)

  • Open a shared file (e.g., Google Drive, Dropbox)

  • View secure student records

But here’s the trick:
These emails often contain a link that leads you to a fake login page—most commonly a Google sign-in page that looks nearly identical to the real thing.

Once you enter your email and password, the next screen will ask for your two-step verification code. It all feels normal… until it’s too late.


🔓 Why This Is So Dangerous

These attackers aren’t just phishing for your password—they’re now intercepting your Multi-Factor Authentication (MFA) codes too.

Here’s how:

  1. You receive a fake email prompting you to log in.

  2. You click the link and enter your real Google credentials on a fake Google page.

  3. The attacker, often using an automated bot, logs into your real account from another device in real time.

  4. When you enter your MFA code on the fake page, the attacker copies it into the real login, and just like that—they’re in.


🧠 How to Stay Safe

These phishing attempts can be incredibly convincing. Here’s what to look for:

Check: 🧨 Red Flag

  • Email address: Legitimate login emails should come from the actual domain (e.g., @docusign.com, @dropbox.com, @google.com). If it's from someone else—even a partner school—be cautious.

  • Link destination: Hover over links (without clicking!) to preview where they lead. If it doesn’t start with a real site (like https://accounts.google.com), don’t trust it.

  • Attachments: PDFs or shared files that contain links to login pages are a big warning sign. Real file shares usually open directly without requiring unexpected credentials.

  • Login page details: Check the browser’s address bar. Real Google login pages will always be hosted on accounts.google.com with a secure lock icon. Fake sites may use slightly altered URLs or miss security indicators.

  • Urgency or pressure: If the message makes you feel like you need to act fast, slow down—that’s a classic phishing tactic.
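
For tech support staff inspecting forwarded messages, here is the "Link destination" and "Login page details" check as an added example (not part of the original post). A link can begin with the text https://accounts.google.com and still lead somewhere else, so the check parses the URL and compares the hostname exactly. The function name, the trusted-host set and the `.example` links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the exact sign-in hosts staff should expect. The post names only
# accounts.google.com; extend the set for other services you actually use.
TRUSTED_LOGIN_HOSTS = {"accounts.google.com"}


def check_login_link(url):
    """Return (trusted, reason) for a link that claims to open a sign-in page."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not https"
    if not host:
        return False, "no host"
    # Everything before '@' is login info, not the site: the real host comes after it.
    if parts.username is not None or parts.password is not None:
        return False, "text before '@' hides the real host: " + host
    # Non-ASCII or punycode labels can render as lookalikes of a trusted name.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalised host: " + host
    # Exact match only: 'starts with' or 'contains' would accept lookalike hosts.
    if host not in TRUSTED_LOGIN_HOSTS:
        return False, "host is " + host
    return True, "host is " + host


# Constructed sample links (the .example hosts are placeholders, not real indicators).
SAMPLES = [
    "https://accounts.google.com/signin/v2/identifier",
    "https://accounts.google.com.signin-check.example/",
    "https://accounts.google.com@signin-check.example/login",
    "https://accounts.g\u043e\u043egle.com/",  # Cyrillic letters in place of Latin 'o'
    "http://accounts.google.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        trusted, reason = check_login_link(link)
        print("OK    " if trusted else "REJECT", reason)
```

Only the first sample passes; the second and third both begin with the trusted text but resolve to a different host.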

📬 What To Do If You’re Not Sure

If you receive an unexpected request—especially one asking you to enter your Google login or any credentials to view a file or sign a document—do not click any links. Instead:

Forward the email immediately to your tech support.

They will inspect the message and let you know if it’s legitimate.


🙌 Thanks for Staying Alert

We know you’re juggling a lot this time of year, and that makes it easy to miss small red flags. That’s exactly what attackers are counting on.

Your attentiveness is one of our most powerful tools in keeping our network secure.
If you're ever in doubt, ask us first—click second.





