
Don’t Fall for the Phish: Spotting Fake Logins Before It’s Too Late

Posted in: News


Phishing attacks are getting sneakier—and more convincing. One of the most common tricks we’re seeing is fake login pages designed to mimic Montclair State University’s single sign-on (SSO) system. These pages often look identical to the real thing but are designed to steal your login credentials — and even your Duo codes.

Whether you’re a student, faculty member, or staff, it’s important to stay alert. Here’s how to spot a fake, what to do if something feels off, and what to do if you’ve already clicked.


How to Spot a Phishing Email

Phishing emails try to trick you into clicking a link or downloading an attachment. Look for these red flags:

  • Urgency or threats: “Your account will be deactivated in 24 hours!”

  • Unusual sender address: The display name might look legit, but the actual email address is off.

  • Generic greetings: “Dear user” instead of your name.

  • Strange formatting or logos: Low-quality images, misspelled words, weird spacing.

  • Unexpected attachments or links: Especially if you weren’t expecting anything.


Hover Before You Click

Before you click any link, hover your mouse over it (or long-press on mobile) to see where it actually goes.

Ask yourself:

  • Does the URL match the real login domain?

  • Is it spelled correctly? (e.g. montclair.edu vs. montclalr.edu)

  • Does it use HTTPS (a padlock icon 🔒 in the address bar)?

Fake SSO login pages often look identical to the real thing, but the URL will usually give them away.
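
The same hover check can be automated, for example in a mail filter or a reporting tool. This is an added example, not Montclair's own tooling: the function names, verdict labels and the single trusted domain are assumptions, and it covers more link tricks than the one misspelling shown above.

```python
from urllib.parse import urlsplit

# Assumption: montclair.edu (named in the article) is the only trusted domain.
TRUSTED_DOMAIN = "montclair.edu"

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_login_link(url: str) -> str:
    """Classify a link the way the hover check does, reading the host only."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "malformed"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "malformed"
    # HTTPS is required but proves nothing alone: fake pages use it too.
    if parts.scheme != "https":
        return "not-https"
    # "https://montclair.edu@other.example/" really goes to other.example.
    if "@" in parts.netloc:
        return "userinfo-trick"
    # Non-ASCII or punycode labels can render as look-alike letters.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "idn-lookalike"
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return "trusted"
    # The trusted name appearing anywhere else in the host is only decoration.
    if TRUSTED_DOMAIN in host:
        return "embedded-name"
    # Last two labels approximate the registered domain (fine for .edu; the
    # general case needs the Public Suffix List).
    registered = ".".join(host.split(".")[-2:])
    if edit_distance(registered, TRUSTED_DOMAIN) <= 2:
        return "typo-lookalike"
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample links; montclalr.edu is the article's own example.
    for u in ("https://montclalr.edu/login", "https://montclair.edu.example.net/"):
        print(u, "->", check_login_link(u))
```

Anything other than "trusted" should be treated as a reason to stop and report the message, not as proof of an attack.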


Trust Your Gut — and Double Check

If something feels off, don’t click! Instead:


Extra Protection: MFA & Duo Security Tips

Don’t Approve Unexpected Duo Pushes

If you get a Duo request and you’re not actively logging in, don’t tap approve — that’s a red flag that someone may have your password and is trying to access your account.

Never Share Your Duo Codes

Some phishing scams ask you to enter or send a Duo code. Just like your password, your Duo codes are private — no one, including IT, will ever ask for them.

Know About MFA Fatigue

MFA fatigue is when an attacker spams your Duo app with repeated login requests, hoping you’ll approve one just to make it stop. If that happens:

  • Don’t approve any requests.

  • Report it to IT right away.

  • Change your password immediately.

MFA works only when you’re in control. If something feels off, trust your instincts and act fast.


What to Do If You Clicked or Entered Info

If you accidentally submitted your login credentials on a fake page:

  1. Change your password(s) immediately – Start with your NetID password. If you use a similar password anywhere else (including personal accounts), reset those as well!

  2. Notify the Phish Files – Use the KnowBe4 PAB or forward the email to phishfiles@montclair.edu.

  3. Stay alert for Duo requests – If you see any suspicious ones, don’t approve them.

  4. Monitor your account – Look for unusual activity (like login attempts from unfamiliar locations).


How to Report Phishing

If you get a suspicious email:


TL;DR — Quick Safety Tips

  • Hover over links before clicking.

  • Always check the URL on login pages.

  • Don’t trust emails that rush you or threaten action.

  • Never approve unexpected Duo requests or share MFA codes.

  • Report anything suspicious.

  • If you’re not sure — ask IT!


Bonus Tip: Bookmark the Real Login Page

To avoid ever clicking a fake link, bookmark any official pages you use (like NEST) and only sign in from that link. It’s a simple habit that can save you from phishing scams.

“Ask me about Duran Duran.”

— Emily Harris JD, CISSP, CIPP/US
Chief Information Security Officer


Want to Know More?

FBI.gov | Spoofing and Phishing