Hover your mouse over a link to expose the actual address being used (long press on phones or tablets).
In the example below, the “here” link presumes to take you to an Amazon login page, however you will actually be redirected to the address shown in the hover box, “lp.bp03-service-support.com” which is fake.
Hackers try to trick us into entering our username and password into a fake login page. This is called a credential grab which they use to secretly collect and redirect your email without your knowledge.
They might spam your entire contact list, or convince someone to send money for something they normally wouldn’t. The recipient will think it is you – because the hacker has actually sent the email from your email address without you knowing.
Next time you login, check to make sure you are at the correct website.
In this first REAL login page you can see (in the address bar) that the site has a valid security certificate (the small lock) and is at the proper Microsoft login site.
However in this FAKE login page you can see that the site is NOT secure and is using a faked website address.
If you are unsure about a login page, open a new browser tab and type in the actual address that you are logging in to, such as office.com, apple.com, paypal.com, amazon.ca etc.