Phishing attacks trick people into sharing sensitive information. Whatever your role in your organization, here’s how to help keep your business safe from phishing.
- What is phishing?
- How to protect yourself from phishing
- How 1Password protects you from phishing
- How to protect your company from phishing
- How 1Password Business protects your company from phishing
- Stay safe out there
What is phishing?
Phishing is a type of scam: an attempt to trick people into giving away sensitive information, like passwords and credit card numbers. Often the goal is to steal money or gain confidential information.
Usually, victims of phishing receive a message that appears to be from a trustworthy source, asking them to visit a website that asks for confidential details. In reality, neither the source or the website are what they appear to be. An email that claims to be from your bank asking you to confirm your card details online would be an example of a phishing scam.
Phishing attacks aren’t always emails. Vishing (voice phishing) is an attempt to collect sensitive information over the phone, often under the bogus guise of an IT support call. Smishing uses SMS text messaging. But the goal of the attacker is always the same: to gain private information that could be used maliciously.
How to protect yourself from phishing
The first step of protecting your business from phishing is to protect yourself. Here are some things you can do to guard yourself against phishing attacks, whether at home or at work:
- Use healthy skepticism. Scrutinize unsolicited communication. For example, if you weren’t expecting to receive a large sum of money, be suspicious of a message that says you have. (If something sounds too good to be true, it probably is.)
- Scrutinize the action or information asked for. Any request to click a link or share confidential information should ring alarm bells, regardless of the apparent authenticity of a message or its sender. (Spelling and grammar errors can be a sign of a phishing scam, but they may not always be evident.)
- Don’t panic. Some phishing scams are designed to scare you into acting quickly. Saying you owe money, or threatening legal action are common ploys. The scammer is hoping you’ll panic and fall into their trap. Take the time to think things through.
- Never reply to a suspicious email. If a message seems to come from a service you use, contact them directly by other means. Don’t reply to a phishing email or use contact information it contains. To verify its authenticity, contact the company directly using contact information they make publicly available.
- Don’t click or copy-paste any links in the message. Open your browser and visit the website yourself using a bookmark, web search, or web address you already know. That way, you’ll know for sure that you’re on the right website and not an imposter that looks the same. Make sure the website is secure. Look for a padlock in your browser’s address bar and don’t enter any details if it’s missing.
- Ask before opening email attachments. If you receive an unexpected attachment, contact the apparent sender another way to make sure they really sent it. A quick check upfront takes far less time and is less stressful than picking up the pieces after a successful scam.
How 1Password protects you from phishing
No matter how vigilant we try to be, we can all slip up. A password manager with built-in phishing protection acts as a safety net for exactly those moments. Here’s how 1Password can help you protect yourself from phishing attacks:
- Protect against fraudulent websites. 1Password makes it simple to create and store strong passwords. It also syncs those passwords, and the exact URLs they should be used on, across all of your devices. That means 1Password won’t offer to [autofill](https://1password.com/features/autofill/ your passwords on scam sites with deceiving URLs (e.g. paypa1.com rather than paypal.com).
- Be warned of potential vulnerabilities. Every 1Password account includes Watchtower, which will alert you to compromised websites and vulnerable passwords. It will also highlight sites where you’ve used the same password twice, so you can change them before there’s a problem.
- Use two-step authentication. Should a password ever be compromised, two-step authentication will make it harder for hackers to access that account. You can set up 1Password as your authenticator app to make signing in to sites with 1Password easy, even when two-step authentication is enabled.
- Share passwords securely. 1Password lets you share passwords, credit cards, and other important information with anyone – even people who don’t use a password manager. If you know your team uses 1Password to share sensitive data, you’ll never be tricked by an email from a ‘colleague’ asking for your organization’s Twitter password.
- Create Masked Email using Fastmail. 1Password and Fastmail make a great team. Use them together to create Masked Email – new, unique email addresses that hide your real email addresses. If an app or service you sign up for is ever breached, a criminal will only discover your masked email address. This means they won’t know any of your other email addresses, and can’t sending phishing emails to those inboxes.
How to protect your company from phishing
Your team can receive any kind of phishing attack, but some scams are targeted at specific companies or organizations. This is known as spear phishing and, at a glance, these messages can seem very convincing. You can protect your business the same way you protect yourself: healthy skepticism. But there are some extra things you can do to help keep your company safe:
- Educate your team. Your company is only as secure as its weakest point, so it’s important to make sure everyone knows how to protect themselves from phishing attacks. In protecting themselves they’re protecting your organization. Share this page with them, and include phishing education in your security and password policies.
- Test. Just like you simulate a fire when you conduct a fire drill, you can also simulate a phishing attack. Monitor responses to these simulated phishing messages to see where improvements can be made. But do the necessary preparations to make sure simulations are run responsibly. For example, make sure team members aren’t at risk of exposing their personal data to other team members.
- Filter email. An up-to-date content and spam filter is one of the best protections against phishing attacks. Scams without an audience can do no harm.
- Report. If your company has a security team, forward suspect emails to them. They may be able to take steps to protect the rest of the team from similar messages. Put a policy in place so your team knows that this is the action to take.
How 1Password Business protects your company from phishing
No matter how vigilant we try to be, we can all slip up. Despite everyone’s best intentions, it can be difficult to make sure everyone in your company always follows best practices. On top of the ways 1Password protects you from phishing, 1Password Business comes with added benefits for your whole team:
- Mandate two-factor authentication. 1Password Business features Duo to help you roll out a two-factor authentication policy in your organization. Making sure the whole team uses two-factor authentication will help keep information as safe as possible.
- Track how 1Password is used. Administrators can view activity logs which track how 1Password is accessed, shared and used. This helps keep your organization safe, and makes auditing and compliance more simple.
- 1Password Families is included. Every team member gets 1Password Families free. This helps you protect your whole team and encourages good password hygiene both at home and at work.
Stay safe out there
Protecting against phishing attacks is like protecting against any other security issue – there are things we can all do to protect ourselves, but we don’t have to do it alone. Always be on the lookout, and use a password manager with built-in phishing protection for that extra security.