Phishing attacks can cost businesses and consumers dearly, from millions of dollars in losses to ruined credit scores and stolen bank accounts.
Fortunately, 1Password, one of the best password managers, has introduced a new built-in phishing protection tool.
The new tool compares the URL saved with your saved credentials to the URL you are trying to access and warns you if something doesn’t match.
Scam URLs could be a thing of the past
Hackers often use a technique called typo-squatting or URL hijacking to trick victims into revealing their login credentials without their knowledge. In fact, a recent 1Password survey found that 89% of Americans have encountered a phishing scam and 61% have fallen victim to such a scam at least once.
In some cases, hackers remove a single letter that could be easily forgotten or misspelled (gogle.com or google.co), or add characters to the URL that appear correct if not verified correctly (gccgle.com or gooogle.com).
When accessing a potential phishing site, 1Password now compares the site’s URL to the URL stored in a user’s credentials vault. If the two don’t match, 1Password won’t automatically fill in the credentials.
If the user attempts to paste their saved credentials into the site, a pop-up window will appear warning that the URL does not match any URL in the credentials vault and that the URL may not be legitimate.
The new feature will be enabled by default for all individual and family plans upon rollout, and 1Password for Business administrators will be able to enable enhanced phishing protection for employees through authentication policies in the 1Password Admin Console.
Dave Lewis, CISO of global consulting at 1Password, said: “To stay one step ahead of phishing attacks, communication is key. It thwarts the scammer’s plan. The most important thing an employee can do when they receive a suspicious message is to tell someone.”
“Many attacks could be prevented by simply knocking on the nearest door and saying, ‘Hey, is that okay?’ If someone believes they have already been the victim of a phishing attack, they should notify us immediately. These are skills that come with a good education and need to be constantly reinforced so that people remember them when they receive that urgent and scary news.
For more tips on how to identify and prevent phishing scams and more information about the new tool, check out.
