Generic Landing Page (Should Not Be Seen)
⚠️ This was a phishing simulation – no credentials were captured.
You clicked a link and signed in because the consent screen looked familiar. This exercise demonstrates how attackers exploit trusted app names to trick users.
What happened?
- The sign-in page looked legitimate because it was Microsoft’s real login page.
- The app name shown was a well-known service (e.g., Microsoft Teams).
- You trusted the app name without checking the redirect URL or permissions requested.
How to protect yourself:
- Always verify the redirect URI before granting consent.
- Check the permissions requested – attackers often ask for more than they need.
- If something feels off, stop and report it to IT Security.