- 1Password has announced a new phishing protection tool
- Autofill will not be performed automatically on unrecognized websites
- Tool will warn users about malicious URLs if they try to paste credentials
Phishing attacks can cost businesses and consumers dearly, from millions in losses to ruined credit scores and stolen bank accounts.
Fortunately, 1Password, one of the best password managers, has introduced a new built-in phishing protection tool.
The new tool will compare the URL saved along with your stored credentials with the URL you are trying to access and provide a warning if something doesn’t match.
Fake URLs may be a thing of the past
Hackers often use a technique known as typo-squatting or URL hijacking to entice victims to hand over their credentials without them knowing. In fact, a recent 1Password survey found that 89% of Americans have encountered a phishing scam and 61% have been a victim at least once.
In some cases, hackers will remove a singular letter that could be easily overlooked or misspelled (gogle.com or google.co), or add characters within the URL that appear correct if not verified correctly (gccgle.com or gooogle.com).
Now, when accessing a potential phishing site, 1Password will compare the site’s URL to the URL stored in a user’s credentials vault. If the two don’t match, 1Password won’t automatically fill in the credentials.
If the user attempts to paste their stored credentials into the site, a pop-up window will appear warning them that the URL does not match any URL in the credentials vault and that the URL may not be legitimate.
The new feature will be enabled by default upon rollout for all individual and family plans, and 1Password for Business administrators will be able to enable enhanced phishing protection for employees through Authentication Policies in the 1Password admin console.
Look
Dave Lewis, global advisory CISO at 1Password, said: “Getting ahead of phishing attacks is all about communication, that’s what disrupts the scammer’s plan. The most important thing an employee can do if they receive a suspicious message is to tell someone.”
“Many attacks could be prevented by simply calling the next cubicle and saying ‘hey, is this okay with you?’ If someone believes they have already been a victim of phishing, they should notify IT immediately. These are the skills that are learned with good training and they need to be constantly reinforced, so that people remember them when they receive those urgent and frightening messages.”
For more tips on how to spot and avoid phishing scams and more information about the new tool, check out the 1Password blog.
The best password manager for every budget
