It’s getting harder than ever to tell if a personal message — about my taxes, for example — is a legitimate email, letter or call, or if it’s a phishing scam. Thanks to artificial intelligence, scammers have been able to scale, producing more convincing “hooks” to lure in personal data from individuals and companies alike.
To help combat these threats, 1Password, one of the best password managers on the market, has rolled out a new phishing prevention feature that aims to stop you from accidentally sharing your usernames and passwords with scammers. 1Password is my password manager of choice — I’d be constantly resetting my passwords without it — and I’m excited for its new phishing protection, which addresses one of my growing concerns.
Learn about why phishing scams are becoming more common, and find out how 1Password’s new guardrails may be able to keep your passwords from falling into the wrong hands.
1Password lets you leverage pop-up notifications as a potential phishing prevention safeguard
Phishing attacks seem like they’re everywhere these days. Social engineering scams like phishing are more prevalent because bad actors can cleverly dupe folks into handing over sensitive information, such as usernames, passwords and banking details. Generally, people using technology — and their awareness of security best practices — can be the weakest links in a security system, so it’s often easier for cybercriminals to target people instead of trying to crack the systems.
According to a survey by 1Password, 89% of Americans have experienced a phishing attempt, with 61% having been successfully phished. The company found that email and text message phishing scams were the most common, followed by social media and phone calls.
That’s why 1Password is rolling out phishing protection, which aims to alert people to potentially risky situations. Normally, when you click a link whose URL doesn’t match the saved login info in your password manager, 1Password refuses to autofill your username and password. In those situations, you might have to copy and paste your credentials.
1Password’s solution uses the 1Password browser extension to display a pop-up warning encouraging you to be careful before continuing when you try to copy and paste your sign-in credentials on unrecognized sites.
Scenarios where the URL doesn’t match the sign-in page aren’t uncommon — I experience those frequently when logging into streaming apps — but any time you copy and paste credentials, you run a risk of pasting them in the wrong place, like a scam website. This feature is a particularly useful warning in cases where you think you’re logging into something legitimate that your password manager should recognize — if it doesn’t, now you have a red flag alerting you that something’s suspicious.
To enable 1Password’s phishing protection, head to Settings > Notifications in the 1Password browser extension. From there, toggle on Warn about pasted logins on non-linked websites. When you try to paste your credentials and sign in on a website that’s not linked to your login info in 1Password, you’ll get a message that says “This website you’re on isn’t linked to a login in 1Password. Make sure you trust this site before continuing.”
This forces you to pause. You can then search for signs of a disreputable website, such as a strange-looking URL, low-resolution images, a company misspelling its own name or only offering a bank transfer as the sole payment method. I like 1Password’s approach, and while it’s not a silver bullet to automatically thwart phishing attempts, social engineering scams are tricky to block. You’ll still need to use good judgment because sometimes the sign-in page for services like streaming apps doesn’t match the desktop site’s, meaning both are legit but you’ve only got one saved in your password manager. However, it’s better than having no outside intervention to stop and think.
Unlike antivirus software, which can be updated to detect the latest malware, identifying fraudulent websites can be more challenging. It’s far faster to spin up a phishing website than it is to create new malware. Once a scam URL has been identified and added to a blocklist, it might be too late for many folks. Often, we’re moving quickly and may not notice that a sketchy URL is paypa1.com rather than the official paypal.com, for instance, and I appreciate the pop-up notification that hopefully makes 1Password users pause before pasting sensitive data.
At this point, your cybersecurity approach should be multifaceted. You’ll want antivirus software (there are great free antivirus apps), a password manager (like 1Password) and a VPN.
For more, learn why you should switch passwords over to passkeys and how to lock down your data with this cybersecurity checklist.