A login screen is only as safe as the page hosting it

The page can look exactly right and still be a copy. The logo, the colors, the layout. What it cannot fully fake is the address at the top of the browser. Look for the real domain. Watch for extra words, swapped letters, or unusual endings (.co instead of .com, paypal-secure.com instead of paypal.com).

Easier rule: do not log in through links. Type the address yourself or use your saved bookmark. Your password manager is also useful here. It will refuse to autofill on a fake site, because it knows the real address and the fake one is not it.

Scams this applies to

Social

The QR code in the parking meter or restaurant menu.

A sticker over a real QR code (on a parking meter, a menu, a flyer) sends you to a fake payment or login page.

The “your account has been suspended” email from a service you actually use.

An email that looks like it's from your streaming service, email provider, or cloud storage saying your account is suspended and you need to sign in to fix it.

The “unpaid toll” text that asks you to log in.

A fake message says your toll account is past due and links to a near-perfect copy of a state turnpike site.