Fake Login Pages a Serious Threat


A recent study has identified over 50,000 fake login pages for over 200 of the world’s best-known brands.  These web pages are often very realistic in appearance and are commonly used by attackers to obtain login credentials for your bank, email, social media sites and many other targets.  Fake login pages are a means of launching phishing attacks on unsuspecting victims.  An attack starts with an email appearing to come from a trusted source such as Microsoft or a bank.  The recipient is persuaded, through what’s referred to as social engineering, to enter their credentials into a fake login page that is either embedded within the body of the email or part of a phishing website.  Once the credentials are entered, the attacker has the details they need to log into your accounts and conduct illegal activity such as identity theft, credit card fraud, data theft, wire transfers and more.

Fake PayPal login pages were found to be the most common, numbering 11,000; Microsoft services, however, had over 9,500 fake login pages.  Others with considerable numbers were Facebook at 7,500, eBay at 3,000 and Amazon at 1,500.

The greatest risk to corporate accounts is likely the fake Microsoft pages impersonating Office 365, OneDrive, and SharePoint.

Why Is This Type of Phishing Successful?

This type of phishing attempt is so successful because:

  1. Inattentive recipients of these phishing emails miss irregularities in the content and therefore consider the emails to be legitimate. They enter their credentials as requested and the attackers have what they want.
  2. These emails are making it past secure email gateways and spam filters because the email content is modified, sometimes creating hundreds of different versions of the same phishing email. Signature-based email security platforms fail to detect suspicious behavior once the spam emails are slightly modified.  Tactics such as this are also employed by the attackers to defeat the manual efforts of security teams that are always working to take down fake login pages.
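
The second point can be seen in a short added example, which is not part of the original article: an exact-hash signature misses a lightly edited copy of a known phishing message, while a similarity score over word sequences still flags it. The function names, the 0.5 threshold and the sample messages are constructed for illustration, and word-shingle Jaccard similarity is one simple technique chosen here, not a description of any particular email gateway.

```python
import hashlib
import re

def normalize(text):
    """Lowercase and collapse everything except letters/digits to single spaces."""
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()

def exact_signature(text):
    """Signature-style fingerprint: a hash of the exact message body."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def shingles(text, k=3):
    """Set of overlapping k-word sequences from the normalized text."""
    words = normalize(text).split()
    return {" ".join(words[i:i + k]) for i in range(max(1, len(words) - k + 1))}

def similarity(a, b):
    """Jaccard similarity of the two messages' shingle sets (0.0 to 1.0)."""
    sa, sb = shingles(a), shingles(b)
    return len(sa & sb) / len(sa | sb)

def classify(body, known_bad, threshold=0.5):
    """Return (exact_match, fuzzy_match) against known phishing bodies.

    threshold is an assumed value; a real deployment would tune it on its own mail.
    """
    exact = any(exact_signature(body) == exact_signature(k) for k in known_bad)
    fuzzy = any(similarity(body, k) >= threshold for k in known_bad)
    return exact, fuzzy

# Constructed sample messages (not real phishing emails).
KNOWN = ("Your Microsoft account password expires today. "
         "Sign in now to keep your mailbox active.")
# Same lure with a greeting, changed punctuation and a random reference number.
VARIANT = ("Hello, your Microsoft account password expires today! "
           "Sign in now to keep your mailbox active (ref 48213)")
BENIGN = ("Minutes from Tuesday's budget meeting are attached. "
          "Please review them before Friday.")

if __name__ == "__main__":
    for name, body in [("known", KNOWN), ("variant", VARIANT), ("benign", BENIGN)]:
        exact, fuzzy = classify(body, [KNOWN])
        score = similarity(body, KNOWN)
        print(f"{name:8} exact={exact!s:5} fuzzy={fuzzy!s:5} score={score:.2f}")
```

The variant shares 12 of 15 three-word sequences with the known message, so it scores 0.80 even though its hash is completely different.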

What can your organization do?

Ongoing employee testing and training to be alert to this type of activity is an important defense measure that all organizations should implement.  BSC Solutions Group offers such a service.  Learn more about it here.


September 10, 2020 2:58:35 PM

Bill Boisvenue
