Hackers use basic template webpages in most attacks as this allows them to cover the greatest audience. This method works because the majority of sites Google, Microsoft etc have a standardized login page that the hacker duplicates to trick users into entering login information.
Security policies are enhanced through utilizing many different approaches and tools to harden your company infrastructure, managing the way your users interact with these systems provides you with ways to help them avoid hackers traps.
Using password managers, 2FA with user education is the only way to combat these attacks for third-party services. Internal login pages can be customized as an effective way to prevent users from entering their information onto phishing sites. This provides a powerful upgrade to your existing security policy without significant time or resource commitment.
Updating the graphical design such as having a company logo and name, or setting the page colour will have an immediate impact. But changing text will also differentiate your login page from a hacker’s page. The key is to have a visually distinct page or text conformity across your login pages to ensure any fake page immediately looks wrong to the user.
Although this approach will not mitigate the need for other security, it will significantly reduce the risk of phishing attacks. And for internal websites, the attacker would need access to your network to create a duplicate page for successful attacks.
