Credential Theft
Stealing usernames and passwords, usually through fake login pages.
How it appears in scam messages
Credential theft usually arrives as a message linking to a login page that looks exactly like your bank, email provider, or a brand you use. The page captures whatever you type, and some versions even pass it to the real site so nothing seems wrong. The hook is often a fake security alert telling you to 're-verify' or 'confirm' your account.
Example only - do not act on it
Example only: Security alert — confirm your account now to avoid suspension. [fake login link removed]
Why it matters
Reused passwords mean one stolen login can unlock many accounts.
Common red flags
- A login page reached from a link in a message, not your own app or bookmark
- Urgent 'verify', 'confirm', or 'unlock account' wording
- A web address that is slightly misspelled or on an unusual domain
- Being asked to log in again right after clicking
Safe next steps
- Stop and verify through official channels you find yourself
- Never share codes, passwords, or card details from a message
- Use the message checker if you are unsure
- Report and block the sender
Related scam types
Related scam messages you can check
- Is this OTP / verification code request a scam?
- Is this Instagram copyright violation DM a scam?
- Is this Meta Business Support warning a scam?
- Is this PayPal invoice email a scam?
- Is this PayPal invoice scam a scam?
- Is this fake loan approval fee message a scam?
- Is this credit card limit increase scam a scam?
- Is this fake immigration visa message a scam?
Related scam-type hubs
Related red flags
Frequently asked questions
How can I avoid credential theft?
Slow down, never act on urgency, and verify through official apps or websites you open yourself. Use the free checker if a message seems off.
What if I have already been affected?
Contact your bank or the relevant provider through official channels, change any exposed passwords from a trusted device, and save evidence. See our recovery guides.