The expression “look before you leap” encourages you to think of possible consequences before you act.
In the digital age, that turn of phrase arguably could be changed to: look before you log in.
Take a look at the screenshot above and decide whether or not you should enter your credentials:
How about this log in screen below — is it for real?
Nope. It’s a recent scam impacting Gmail users.
One more, just for fun:
Netflix subscribers found out last year that this was also a scam.
This log in trickery is really just a twist on classic phishing techniques and something that’s becoming more and more common.
Ways to avoid scams like this:
- Check the URL first. If you’re on a login page, always look at the web address before typing a username or password. If you do not recognize the URL or if it is misspelled, then you should NOT log in. It is best to make a habit of confirming the domain/URL for any sites you log into, including Facebook, Gmail, Steam, YouTube, etc.
- Be skeptical of unexpected login prompts. If a log in box pops up you weren’t expecting, take an extra close look at the domain URL and make sure it matches the prompt. For example, if you are prompted to log into Office Online (O365), then you should be on a Microsoft-owned domain (i.e., the URL should be microsoftonline.com).
- Close inactive browser tabs. The Better Business Bureau recently warned consumers over email that scammers can load a fake website (typically a login form) on inactive tabs. The website may look real on the surface, but it’s designed to steal your login information. Any site that may have your payment or banking information could be a target. Close tabs when you’re done using websites to prevent this so-called “tabnabbing.”
- Don’t click email links. This is one of the most common ways you’ll end up at a fake login screen. Links can either download malware onto your machine (which could result in scam login screens popping up), or they can take you to websites designed to look real and steal your information.
- Stop and think. Whatever information you’re being asked to provide, the company should already have. Any company you do business with should know your username and have your payment information on file. And, if there’s been some kind of a data breach, they would not send out a mass email with links—you’d be contacted in a more secure fashion.
If you think you fell for a scam, we recommend following this link and follow these six steps to help regain control over your personal information.