Fake Login Pages: The Credential Theft Trap

Credential-harvesting sites copy real login pages so that you enter your username, password, and sometimes MFA codes into them.

Quick takeaway
If you didn’t choose to log in, don’t. Verify the site first.

What is credential harvesting?

Credential harvesting is when a phishing website collects what you type—your login credentials—and sends it to the attacker. The attacker then attempts to sign in to your real account. If you also provide a one-time code, the attacker may complete the login immediately.

How fake login pages trick people

  • They copy logos, layout, and wording from real brands
  • They use urgent messages (“session expired,” “verify account,” “security alert”)
  • They hide behind shortened links or lookalike domains
  • They sometimes prompt for MFA codes to complete takeover

Red flags specific to fake login pages

  • The domain doesn’t exactly match the official brand domain
  • You reached the page from an unexpected link or message
  • It asks for a code “to confirm identity” immediately after the password
  • The login page feels generic or inconsistent with the brand
  • You can’t navigate to normal pages (only login/reset screens)

Best practice: verify before signing in

  1. Close the page.
  2. Open the official app or type the website manually.
  3. Sign in from the known homepage or bookmark.

FAQ

Why do scammers ask for MFA codes?

Because a password alone may not be enough. A stolen code can let them complete the login immediately.

Is a password manager helpful?

Yes. Password managers often won’t autofill on the wrong domain, which can be a strong warning sign.
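
The "domain doesn't exactly match" red flag and the password manager's refusal to autofill both rest on comparing the parsed hostname with the known official one. The following is an added example, not part of the original page and not any password manager's actual matching code; the allowlist, function name and sample links are constructed for illustration.

```javascript
// Added example. OFFICIAL_HOSTS is a constructed allowlist; example.com and
// the .test names below are reserved documentation domains, not real brands.
const OFFICIAL_HOSTS = new Set(["example.com", "login.example.com"]);

// Returns { ok, reason } for a link a user is about to sign in on.
function checkLoginUrl(rawUrl, officialHosts = OFFICIAL_HOSTS) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG URL parsing, the standard browsers follow
  } catch {
    return { ok: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not https" };
  }
  // Text before "@" is userinfo, not the site: the real host comes after it.
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo before host" };
  }
  // The parser lowercases the host; drop a trailing root dot before comparing.
  const host = url.hostname.replace(/\.$/, "");
  // "xn--" labels are encoded non-ASCII names, which can imitate Latin letters.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode label in host" };
  }
  if (officialHosts.has(host)) {
    return { ok: true, reason: "exact match" };
  }
  // Near miss: the official name appears, but the registered domain differs.
  for (const official of officialHosts) {
    if (host.includes(official)) {
      return { ok: false, reason: "official name inside another domain" };
    }
  }
  return { ok: false, reason: "host not on official list" };
}

// Constructed sample links, printed when the file is run directly.
const SAMPLES = [
  "https://login.example.com/signin",
  "https://example.com.account-verify.test/login",
  "https://example.com@signin.test/login",
  "https://examp1e.com/login",
  "https://xn--exmple-cua.com/login",
];
for (const link of SAMPLES) {
  console.log(link, "->", checkLoginUrl(link).reason);
}
```

Only the first sample passes; the others fail for the reason printed next to them, even though each would look plausible at a glance in a message or address bar.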