{"id":798,"date":"2025-09-19T08:00:15","date_gmt":"2025-09-19T12:00:15","guid":{"rendered":"https:\/\/www.montclair.edu\/phish-files\/?p=798"},"modified":"2025-09-15T13:02:59","modified_gmt":"2025-09-15T17:02:59","slug":"spot-fake-logins","status":"publish","type":"post","link":"https:\/\/www.montclair.edu\/phish-files\/2025\/09\/19\/spot-fake-logins\/","title":{"rendered":"Don\u2019t Fall for the Phish: Spotting Fake Logins Before It\u2019s Too Late"},"content":{"rendered":"<p data-start=\"298\" data-end=\"628\">Phishing attacks are getting sneakier\u2014and more convincing. One of the most common tricks we\u2019re seeing is fake login pages designed to mimic ÌÇÐÄvlog\u2019s <strong data-start=\"465\" data-end=\"489\">single sign-on (SSO)<\/strong> system. These pages often look identical to the real thing but are designed to steal your login credentials \u2014 and even your <a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/duo-mfa\/\"><strong data-start=\"614\" data-end=\"627\">Duo codes<\/strong><\/a>.<\/p>\n<p data-start=\"630\" data-end=\"815\">Whether you&#8217;re a student, faculty member, or staff, it&#8217;s important to stay alert. Here&#8217;s how to spot a fake, what to do if something feels off, and what to do if you\u2019ve already clicked.<\/p>\n<hr data-start=\"817\" data-end=\"820\" \/>\n<h2 data-start=\"822\" data-end=\"857\">How to Spot a Phishing Email<\/h2>\n<p data-start=\"859\" data-end=\"968\">Phishing emails try to trick you into clicking a link or downloading an attachment. Look for these red flags:<\/p>\n<ul data-start=\"970\" data-end=\"1415\">\n<li data-start=\"970\" data-end=\"1045\">\n<p data-start=\"972\" data-end=\"1045\"><strong data-start=\"972\" data-end=\"994\">Urgency or threats<\/strong>: \u201cYour account will be deactivated in 24 hours!\u201d<\/p>\n<\/li>\n<li data-start=\"1046\" data-end=\"1183\">\n<p data-start=\"1048\" data-end=\"1183\"><strong data-start=\"1048\" data-end=\"1074\">Unusual sender address<\/strong>: The display name might look legit, but the actual email address is off.<\/p>\n<\/li>\n<li data-start=\"1184\" data-end=\"1242\">\n<p data-start=\"1186\" data-end=\"1242\"><strong data-start=\"1186\" data-end=\"1207\">Generic greetings<\/strong>: \u201cDear user\u201d instead of your name.<\/p>\n<\/li>\n<li data-start=\"1243\" data-end=\"1330\">\n<p data-start=\"1245\" data-end=\"1330\"><strong data-start=\"1245\" data-end=\"1276\">Strange formatting or logos<\/strong>: Low-quality images, misspelled words, weird spacing.<\/p>\n<\/li>\n<li data-start=\"1331\" data-end=\"1415\">\n<p data-start=\"1333\" data-end=\"1415\"><strong data-start=\"1333\" data-end=\"1368\">Unexpected attachments or links<\/strong>: Especially if you weren\u2019t expecting anything.<\/p>\n<\/li>\n<\/ul>\n<hr data-start=\"1417\" data-end=\"1420\" \/>\n<h2 data-start=\"1422\" data-end=\"1450\">Hover Before You Click<\/h2>\n<p data-start=\"1452\" data-end=\"1565\">Before you click any link, <strong data-start=\"1479\" data-end=\"1499\">hover your mouse<\/strong> over it (or long-press on mobile) to see where it actually goes.<\/p>\n<p data-start=\"1567\" data-end=\"1580\">Ask yourself:<\/p>\n<ul data-start=\"1581\" data-end=\"1760\">\n<li data-start=\"1581\" data-end=\"1626\">\n<p data-start=\"1583\" data-end=\"1626\">Does the URL match the real login domain?<\/p>\n<\/li>\n<li data-start=\"1627\" data-end=\"1696\">\n<p data-start=\"1629\" data-end=\"1696\">Is it spelled correctly? (e.g. <code data-start=\"1660\" data-end=\"1675\">montclair.edu<\/code> vs. <code data-start=\"1680\" data-end=\"1695\">montclalr.edu<\/code>)<\/p>\n<\/li>\n<li data-start=\"1697\" data-end=\"1760\">\n<p data-start=\"1699\" data-end=\"1760\">Does it use <strong data-start=\"1711\" data-end=\"1720\">HTTPS<\/strong> (a padlock icon \ud83d\udd12 in the address bar)?<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"1762\" data-end=\"1867\"><strong data-start=\"1762\" data-end=\"1825\">Fake SSO login pages often look identical to the real thing<\/strong>, but the URL will usually give them away.<\/p>\n<hr data-start=\"1869\" data-end=\"1872\" \/>\n<h2 data-start=\"1874\" data-end=\"1913\">Trust Your Gut \u2014 and Double Check<\/h2>\n<p data-start=\"1915\" data-end=\"1960\">If something feels off, don\u2019t click! Instead:<\/p>\n<ul data-start=\"1961\" data-end=\"2185\">\n<li data-start=\"1961\" data-end=\"2094\">\n<p data-start=\"1963\" data-end=\"2094\">Open a <strong data-start=\"1970\" data-end=\"1989\">new browser tab<\/strong> and go directly to your usual login page \u2014 don\u2019t use the link in the email.<\/p>\n<\/li>\n<li data-start=\"2095\" data-end=\"2151\">\n<p data-start=\"2097\" data-end=\"2151\">Contact <a href=\"https:\/\/www.montclair.edu\/information-technology\/it-service-desk\/\">IT Service Desk<\/a> if you\u2019re unsure.<\/p>\n<\/li>\n<li data-start=\"2152\" data-end=\"2185\">\n<p data-start=\"2154\" data-end=\"2185\">Report it using the <a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/pab\/\">Phishing Alert Button (PAB)<\/a> or by forwarding it to <a href=\"mailto:phishfiles@montclair.edu\">phishfiles@montclair.edu<\/a>.<\/p>\n<\/li>\n<\/ul>\n<hr data-start=\"2187\" data-end=\"2190\" \/>\n<h2 data-start=\"2192\" data-end=\"2239\">Extra Protection: MFA &amp; Duo Security Tips<\/h2>\n<h3 data-start=\"2466\" data-end=\"2509\">Don\u2019t Approve Unexpected Duo Pushes<\/h3>\n<p data-start=\"2510\" data-end=\"2690\">If you get a <a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/duo-mfa\/\">Duo<\/a> request and <strong data-start=\"2539\" data-end=\"2573\">you\u2019re not actively logging in<\/strong>, <strong data-start=\"2575\" data-end=\"2596\">don\u2019t tap approve<\/strong> \u2014 that\u2019s a red flag that someone may have your password and is trying to access your account.<\/p>\n<h3 data-start=\"2692\" data-end=\"2727\">Never Share Your Duo Codes<\/h3>\n<p data-start=\"2728\" data-end=\"2888\">Some phishing scams ask you to enter or send a <a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/duo-mfa\/\">Duo<\/a> code. Just like your password, <strong data-start=\"2810\" data-end=\"2840\">your Duo codes are private<\/strong> \u2014 no one, including IT, will ever ask for them.<\/p>\n<h3 data-start=\"2890\" data-end=\"2921\">Know About MFA Fatigue<\/h3>\n<p data-start=\"2922\" data-end=\"3071\"><strong data-start=\"2922\" data-end=\"2937\">MFA fatigue<\/strong> is when an attacker spams your Duo app with repeated login requests, hoping you\u2019ll approve one just to make it stop. If that happens:<\/p>\n<ul data-start=\"3072\" data-end=\"3167\">\n<li data-start=\"3072\" data-end=\"3101\">\n<p data-start=\"3074\" data-end=\"3101\">Don\u2019t approve any requests.<\/p>\n<\/li>\n<li data-start=\"3102\" data-end=\"3131\">\n<p data-start=\"3104\" data-end=\"3131\"><strong>Report it<\/strong> to IT right away.<\/p>\n<\/li>\n<li data-start=\"3132\" data-end=\"3167\">\n<p data-start=\"3134\" data-end=\"3167\">Change your password immediately.<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"3169\" data-end=\"3270\"><strong data-start=\"3169\" data-end=\"3211\">MFA works only when you\u2019re in control.<\/strong> If something feels off, trust your instincts and act fast.<\/p>\n<hr data-start=\"3272\" data-end=\"3275\" \/>\n<h2 data-start=\"3277\" data-end=\"3324\">What to Do If You Clicked or Entered Info<\/h2>\n<p data-start=\"3326\" data-end=\"3394\">If you accidentally submitted your login credentials on a fake page:<\/p>\n<ol data-start=\"3395\" data-end=\"3765\">\n<li data-start=\"3395\" data-end=\"3487\">\n<p data-start=\"3398\" data-end=\"3487\"><strong data-start=\"3398\" data-end=\"3434\">Change your password(s) immediately<\/strong> \u2013 Start with your <a href=\"https:\/\/iams-amc.montclair.edu\/page-password-reset-initial\">NetID password<\/a>. If you use a similar password anywhere else (including personal accounts) reset those as well!<\/p>\n<\/li>\n<li data-start=\"3488\" data-end=\"3571\">\n<p data-start=\"3491\" data-end=\"3571\"><strong data-start=\"3491\" data-end=\"3523\">Notify the Phish Files<\/strong> \u2013 Use the <a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/pab\/\">Knowbe4 PAB<\/a> or forward the email to <a href=\"mailto:phishfiles@montclair.edu\">phishfiles@montclair.edu<\/a>.<\/p>\n<\/li>\n<li data-start=\"3572\" data-end=\"3660\">\n<p data-start=\"3575\" data-end=\"3660\"><strong data-start=\"3575\" data-end=\"3606\">Stay alert for Duo requests<\/strong> \u2013 If you see any suspicious ones, don\u2019t approve them.<\/p>\n<\/li>\n<li data-start=\"3661\" data-end=\"3765\">\n<p data-start=\"3664\" data-end=\"3765\"><strong data-start=\"3664\" data-end=\"3688\">Monitor your account<\/strong> \u2013 Look for unusual activity (like login attempts from unfamiliar locations).<\/p>\n<\/li>\n<\/ol>\n<hr data-start=\"3767\" data-end=\"3770\" \/>\n<h2 data-start=\"3772\" data-end=\"3800\">How to Report Phishing<\/h2>\n<p data-start=\"3802\" data-end=\"3832\">If you get a suspicious email:<\/p>\n<ul data-start=\"3833\" data-end=\"4060\">\n<li data-start=\"3833\" data-end=\"3860\">\n<p data-start=\"3835\" data-end=\"3860\"><strong data-start=\"3835\" data-end=\"3860\">Don\u2019t click anything.<\/strong><\/p>\n<\/li>\n<li data-start=\"3833\" data-end=\"3860\">Use the <a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/pab\/\">Knowbe4 PAB<\/a><\/li>\n<li data-start=\"3861\" data-end=\"3967\">\n<p data-start=\"3863\" data-end=\"3967\"><strong data-start=\"3863\" data-end=\"3877\">Forward it<\/strong> to <a href=\"mailto:phishfiles@montclair.edu\">phishfiles@montclair.edu<\/a>.<\/p>\n<\/li>\n<\/ul>\n<hr data-start=\"4062\" data-end=\"4065\" \/>\n<h2 data-start=\"4067\" data-end=\"4097\">TL;DR \u2014 Quick Safety Tips<\/h2>\n<ul data-start=\"4099\" data-end=\"4349\">\n<li data-start=\"4099\" data-end=\"4134\">\n<p data-start=\"4101\" data-end=\"4134\">Hover over links before clicking.<\/p>\n<\/li>\n<li data-start=\"4135\" data-end=\"4173\">\n<p data-start=\"4137\" data-end=\"4173\">Always check the URL on login pages.<\/p>\n<\/li>\n<li data-start=\"4174\" data-end=\"4228\">\n<p data-start=\"4176\" data-end=\"4228\">Don\u2019t trust emails that rush you or threaten action.<\/p>\n<\/li>\n<li data-start=\"4229\" data-end=\"4288\">\n<p data-start=\"4231\" data-end=\"4288\">Never approve unexpected Duo requests or share MFA codes.<\/p>\n<\/li>\n<li data-start=\"4289\" data-end=\"4318\">\n<p data-start=\"4291\" data-end=\"4318\">Report anything suspicious.<\/p>\n<\/li>\n<li data-start=\"4319\" data-end=\"4349\">\n<p data-start=\"4321\" data-end=\"4349\">If you\u2019re not sure \u2014 ask IT!<\/p>\n<ul data-start=\"4099\" data-end=\"4349\">\n<li data-start=\"4319\" data-end=\"4349\">\n<p data-start=\"4321\" data-end=\"4349\"><a href=\"https:\/\/www.montclair.edu\/information-technology\/it-service-desk\/\">IT Service Desk<\/a><\/p>\n<\/li>\n<li style=\"font-weight: 400\">Email:<a href=\"mailto:itservicedesk@montclair.edu\">itservicedesk@montclair.ed<\/a><strong><a href=\"mailto:itservicedesk@montclair.edu\">u<\/a><\/strong><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Call: 973-655-7971<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<hr data-start=\"4351\" data-end=\"4354\" \/>\n<h2 data-start=\"4356\" data-end=\"4401\">Bonus Tip: Bookmark the Real Login Page<\/h2>\n<p data-start=\"4403\" data-end=\"4572\">To avoid ever clicking a fake link, <strong data-start=\"4439\" data-end=\"4480\">bookmark any official pages you use (like <a href=\"https:\/\/nest.montclair.edu\/\">NEST<\/a>)<\/strong>\u00a0and only sign in from that link. It&#8217;s a simple habit that can save you from phishing scams.<\/p>\n<blockquote data-start=\"284\" data-end=\"423\"><p><strong>&#8220;Ask me about Duran Duran.&#8221;<\/strong><\/p>\n<p>\u2014 Emily Harris JD, CISSP, CIPP\/US<br \/>\nChief Information Security Officer<\/p><\/blockquote>\n<hr \/>\n<h2 data-start=\"553\" data-end=\"653\">Want to Know More?<\/h2>\n<p>FBI.gov | <a href=\"https:\/\/www.fbi.gov\/how-we-can-help-you\/scams-and-safety\/common-frauds-and-scams\/spoofing-and-phishing\">Spoofing and Phishing<\/a><\/p>\n<div class=\"lSfe4c r5bEn aI5QMe\">\n<div class=\"SoAPf\">\n<div>\n<div class=\"MgUUmf NUnG9d\">Wired | <a href=\"https:\/\/www.wired.com\/story\/slack-microsoft-teams-app-security\/\">Slack\u2019s and Teams\u2019 Lax App Security Raises Alarms<\/a><\/div>\n<div>\n<p>ITPro |<strong><a rel=\"noopener noreferrer\" href=\"https:\/\/www.itpro.com\/security\/ransomware\/the-scattered-spider-ransomware-group-is-infiltrating-slack-and-microsoft-teams-to-target-vulnerable-employees\" target=\"_blank\" class=\"c-link\" data-stringify-link=\"https:\/\/www.itpro.com\/security\/ransomware\/the-scattered-spider-ransomware-group-is-infiltrating-slack-and-microsoft-teams-to-target-vulnerable-employees\" data-sk=\"tooltip_parent\">The Scattered Spider ransomware group is infiltrating Slack and Microsoft Teams to target vulnerable employees<\/a><\/strong><\/p>\n<div class=\"lSfe4c r5bEn aI5QMe\">\n<div class=\"SoAPf\">\n<div>\n<div class=\"MgUUmf NUnG9d\">Wired | <a href=\"https:\/\/www.wired.com\/story\/slack-microsoft-teams-app-security\/\">Slack\u2019s and Teams\u2019 Lax App Security Raises Alarms<\/a><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Phishing attacks are getting sneakier\u2014and more convincing. One of the most common tricks we\u2019re seeing is fake login pages designed to mimic ÌÇÐÄvlog\u2019s single sign-on (SSO) system. These pages often look identical to the real thing but are designed to steal your login credentials \u2014 and even your Duo codes. Whether you&#8217;re a [&hellip;]<\/p>\n","protected":false},"author":349,"featured_media":625,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[5],"tags":[],"class_list":["post-798","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts\/798","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/users\/349"}],"replies":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/comments?post=798"}],"version-history":[{"count":4,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts\/798\/revisions"}],"predecessor-version":[{"id":814,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts\/798\/revisions\/814"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/media\/625"}],"wp:attachment":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/media?parent=798"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/categories?post=798"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/tags?post=798"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}