- 1Password announced a new phishing protection tool
- Autofill will not happen automatically on unrecognized websites
- The tool will warn users of malicious URLs if they attempt to paste their credentials.
Phishing attacks can cost businesses and consumers dearly, ranging from million-dollar losses to ruined credit scores and stolen bank accounts.
Luckily, 1Password, one of the best password managers, has unveiled a new built-in phishing protection tool.
The new tool will compare the URL saved with your stored credentials with the URL you’re trying to access and provide a warning if something doesn’t quite match.
Fraudulent URLs could be a thing of the past
Hackers often use a technique known as typo-squatting or URL hijacking to trick victims into handing over their credentials without their knowledge. In fact, a recent 1Password survey found that 89% of Americans have encountered a phishing scam and 61% have fallen victim to one at least once.
In some cases, hackers will remove a singular letter that could be easily forgotten or mistyped (gogle.com or google.co), or add characters in the URL that look correct if you don’t check properly (gccgle.com or gooogle.com).
Now, when accessing a potential phishing site, 1Password will compare the site’s URL to the URL stored in a user’s credentials vault. If the two don’t match, 1Password won’t automatically fill in the credentials.
If the user then attempts to paste your stored credentials into the site, a pop-up will appear warning them that the URL does not match any URLs in the credentials vault and that the URL may not be legitimate.
The new feature will be enabled by default upon deployment for all individual and family plans, and 1Password for Business administrators will be able to enable enhanced phishing protection for employees through authentication policies in the 1Password admin console.
Look on it
Dave Lewis, Global Consulting CISO at 1Password, said: “Getting ahead of phishing attacks is all about communication, it’s what disrupts the scammer’s plan. The most important thing an employee can do if they receive a suspicious message is to tell someone.”
“Many attacks could be avoided by simply knocking on the next door and saying ‘hey, does that sound good?’ If anyone thinks they have already been phished, they should notify IT immediately. These are skills that come with good training, and they need to be constantly reinforced, so that people remember them when they receive these urgent and frightening messages.
For more tips on spotting and avoiding phishing scams and more information on the new tool, take a look at the 1Password blog.
The best password manager for every budget
