Microsoft

Sign in

Microsoft

← you@example.com

Enter password

🎣

Don’t worry — nothing was captured or sent anywhere. This page exists purely for awareness training.

The URL. The real Microsoft login is at login.microsoftonline.com or login.live.com — not on a random site.
HTTPS alone isn’t enough. Phishing sites use HTTPS too. Always read the domain.
Unexpected context. Were you expecting to log in? Did you arrive here from a link in an email or a message?
Typos or odd phrasing. Legitimate Microsoft pages are polished and consistent.
Pressure or urgency. Phishing often uses “your account will be closed” or “security alert” language.
No MFA prompt. A real Microsoft sign-in usually prompts for multi-factor authentication.

Go directly to the service by typing the URL yourself — never click links in suspicious emails.
Use a password manager: it won’t auto-fill on the wrong domain.
Enable MFA on every account that supports it.
When in doubt, report the message to your IT/security team.

Back to safety