惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

N
News and Events Feed by Topic
V
V2EX
博客园 - 【当耐特】
Vercel News
Vercel News
雷峰网
雷峰网
爱范儿
爱范儿
WordPress大学
WordPress大学
云风的 BLOG
云风的 BLOG
S
Securelist
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Microsoft Azure Blog
Microsoft Azure Blog
F
Full Disclosure
有赞技术团队
有赞技术团队
Hugging Face - Blog
Hugging Face - Blog
NISL@THU
NISL@THU
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Attack and Defense Labs
Attack and Defense Labs
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
Microsoft Security Blog
Microsoft Security Blog
腾讯CDC
P
Proofpoint News Feed
B
Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
K
Kaspersky official blog
I
InfoQ
Google Online Security Blog
Google Online Security Blog
L
LINUX DO - 最新话题
Project Zero
Project Zero
Engineering at Meta
Engineering at Meta
V
Visual Studio Blog
AI
AI
Schneier on Security
Schneier on Security
B
Blog RSS Feed
T
Tor Project blog
H
Help Net Security
H
Hackread – Cybersecurity News, Data Breaches, AI and More
L
LINUX DO - 热门话题
阮一峰的网络日志
阮一峰的网络日志
S
Security @ Cisco Blogs
T
Threat Research - Cisco Blogs
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
C
Cyber Attacks, Cyber Crime and Cyber Security
G
Google Developers Blog
Google DeepMind News
Google DeepMind News
V2EX - 技术
V2EX - 技术
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
A
Arctic Wolf
Webroot Blog
Webroot Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main

Blog on 1Password Blog

Why secure-by-design is an incentives problem, with Bob Lord | 1Password NIST and AI agents: 1Password’s approach to agent identity | 1Password Go beyond device health with External Checks in 1Password Device Trust | 1Password Natoma and 1Password help enterprises scale AI securely with governed agent access | 1Password New integrations between 1Password SaaS Manager and EPM | 1Password A first step toward post-quantum security | 1Password RSA 2026: Leading the way to secure agentic AI | 1Password How 1Password is Building a Culture of AI Fluency Through AI Champions | 1Password 1Password vs. Keeper Security: A comparison | 1Password 1Password vs. LastPass: Which is right for you? | 1Password Secure MCP credentials with 1Password and Runlayer | 1Password The next layer of AI security | 1Password Building the next chapter of Go-to-Market in EMEA | 1Password Automating SOC workflows with 1Password Enterprise Password Manager | 1Password Automated Provisioning hosted by 1Password: A Simpler, Smarter Way to Manage Access | 1Password Introducing 1Password® Unified Access: Identity Security for Humans and Their AI Agents | 1Password Next-generation automated provisioning, without compromising zero-knowledge security | 1Password Bitwarden vs. 1Password: Which password manager is right for you? | 1Password Password Manager for Families, Enterprise & Business | 1Password | 1Password How to wrangle SaaS contract renewals | 1Password Stop trusting consumer browsers with work credentials | 1Password IAM stops at sign-in. Your credentials do not. | 1Password Your digital pit crew: a 10-minute pre-race security checklist | 1Password 1Password Device Trust is coming to EMEA | 1Password The identity transformation: Analyst and CIO insights | 1Password Why now is the moment to join 1Password Go-To-Market | 1Password Identity and Accountability in the Age of AI Agents | 1Password How 1Password secures agent architectures | 1Password 1Password becomes the first global partner to transact through Express Private Offers in AWS Marketplace | 1Password Start Learning on 1Password Academy | 1Password Expanding Programmatic Access to 1Password | 1Password Zero knowledge vs. a malicious server: A look at ETH Zurich’s research | 1Password Agents are making filesystems cool again | 1Password Black History Month employee spotlight: Joseph Ojelade | 1Password 1Password's new benchmark teaches AI agents how not to get scammed | 1Password Streamlining SaaS onboarding and offboarding | 1Password 3 common SaaS Management challenges and how to avoid them | 1Password How 1Password Is Evolving Its Partner Ecosystem | 1Password How to build secure agent swarms that power production-grade autonomous systems | 1Password From magic to malware: How OpenClaw's agent skills become an attack surface | 1Password Solving the unsanctioned SaaS problem | 1Password 1Password and 60 Day Hustle: cybersecurity for small businesses | 1Password Security advisory for AI-assisted browsing interactions with the 1Password browser extension | 1Password It’s incredible. It’s terrifying. It’s OpenClaw. | 1Password Managing the risks of social logins | 1Password What’s the first security tool your small business should buy? | 1Password As AI Supercharges Phishing Scams, 1Password Introduces Built-In Protection | 1Password How to interview with confidence at 1Password | 1Password Five tips for successful SaaS Management | 1Password SaaS Manager | 1Password Why SaaS License Waste Is a Cost and Security Problem | 1Password AI is changing the IDE. With 1Password, security keeps up | 1Password How IT teams can get a handle on shadow IT | 1Password Bringing secure, just-in-time secrets to Cursor with 1Password | 1Password The Chasing Entropy Podcast Season One is in the Books | 1Password Now available via QBS Software: 1Password Enterprise Password Manager – MSP Edition | 1Password The role of credentials in the AI espionage campaign reported by Anthropic | 1Password The hidden offboarding step draining your budget | 1Password AWS and 1Password: Innovation in AI and beyond | 1Password Simplifying credential security on OpenAI Atlas | 1Password From Social Work to Social Impact: Growing at 1Password | 1Password Improving in-page notifications in the 1Password browser extension | 1Password Password Manager for Families, Enterprise & Business | 1Password | 1Password Now available via Renaissance: 1Password Enterprise Password Manager – MSP Edition | 1Password Behind the wheel at Oracle Red Bull Racing | 1Password Securing MCP servers with 1Password: Stop credential exposure in your agent configurations | 1Password What’s new in 1Password Enterprise Password Manager - Q4, 2025 | 1Password Belonging as a catalyst for high performance | 1Password Password habits are worsening, but leaders see a path to passwordless | 1Password A simpler, faster way to unlock 1Password | 1Password Oracle Red Bull Racing Episode 4, CIO Matt Cadieux | 1Password 70% of IT and security pros say SSO is falling short | 1Password Securing the Win | 1Password SaaS optimization: How to maximize value and reduce costs | 1Password The enterprise AI crisis: Unsanctioned tools and unenforced policies | 1Password An Identity Security taxonomy for Agentic AI | 1Password Introducing new .env file support in 1Password environments | 1Password Speed and security: Mark Hazelton on protecting Oracle Red Bull Racing’s most valuable asset – its data | 1Password 1Password for Good: Giving back during cybersecurity awareness month | 1Password Utah Mammoth and Utah Jazz score with identity security | 1Password Oracle Red Bull Racing CEO and Team Principal | 1Password Three signs you need a SaaS Management Platform | 1Password Closing the credential risk gap for AI agents using a browser | 1Password Microsoft and Dropbox password managers are sunsetting: What it means and what to do next | 1Password From hackathon nerves to internship wins: Kavya’s journey at 1Password | 1Password 1Password now available in Comet, the AI-powered browser by Perplexity | 1Password 1Password announces new integration with Zscaler | 1Password Breaking the mold: Why more women should consider a career in sales | 1Password What security leaders need to know about mergers and acquisitions | 1Password Clickjacking: What it means for 1Password users | 1Password AI and security at Black Hat: 5 key takeaways from a security expert panel | 1Password Blog | 1Password Do any CISOs feel lucky? | 1Password How to lead with confidence in the AI era: a conversation with Nancy Wang, VP, Engineering | 1Password New Device Trust Check makes browser extension enforcement easier | 1Password Purpose, performance, and trust: Inside the culture powering 1Password’s next chapter | 1Password Now available on Pax8 Marketplace: 1Password Enterprise Password Manager - MSP Edition | 1Password The security principles guiding 1Password’s approach to AI | 1Password Choosing the right SaaS management platform for your business | 1Password Simplify access reviews with 1Password SaaS Manager | 1Password How great usability tripled Duke University's password manager adoption | 1Password
1Password's Phishing Survey: Avoid Holiday Phishing Scams | 1Password
info@1password.com (Rachel Sudbeck) · 2025-11-05 · via Blog on 1Password Blog

Summary and key findings

If you’ve lived through enough holiday parties, you know that pretty wrapping paper can hide a real stinker of a gift.

That’s how phishing attacks work; they present victims with a shiny object guaranteed to get their attention, but that bright packaging is just a trick to steal information or money. 

Phishing attacks also tend to increase during the holiday season, when people are hunting for deals and juggling package deliveries. As holiday shopping begins, scammers love to find the right wrapping to entice us to open a dangerous link. For instance, a victim might click on what seems like a digital gift card, only to find malware inside. 

We all want to be savvy enough to spot phishing attempts before we click a malicious link or surrender personal information. Unfortunately, that may be more difficult than ever this holiday season, since hackers are using AI to make scams both more ubiquitous and more convincing.

In this blog, we’ll go through our phishing survey results, and what they teach us about the current state of holiday scams. We’ll also be sharing key phishing prevention tips from Dave Lewis, 1Password’s Global Advisory CISO. We hope you’ll use this data and advice to be more aware and have a safer holiday season. Think of it as 1Password’s gift to you. 

Keys to a phish-free holiday season

As you start gearing up for the holidays, here are the critical factors to keep in mind when guarding against phishing scams.

Update your red flags

Here’s the good news: 95% of our survey respondents said they could spot common scammer red flags. The bad news is that this may lead to overconfidence, since 82% of respondents have still been phished, or come dangerously close to it. 

phishing article asset one

Part of the issue is that the aforementioned “red flags” may need an update.

The top signs that tip Americans off to a phishing scam are: 

  • Misspelled words or poor grammar (49%)

  • Requests for sensitive information (49%) 

  • Strange URLs (49%) 

  • An unrecognized sender (46%)

All of these are valid signs to be wary of online. Unfortunately, they’re less effective now that hackers are armed with AI. To quote the FBI, “AI-driven phishing attacks are characterized by their ability to craft convincing messages tailored to specific recipients and containing proper grammar and spelling…”

In other words, the advent of AI has made it harder to spot a scam based on misspellings and other former telltale signs. Our research confirms this. Two in three (66%) Americans say they’ve noticed more scammy messages, phone calls, and ads since AI became more prevalent, and 62% have received a scammy message they suspect was AI-generated.

If you can’t rely on misspellings and sloppy graphic design to spot a scam, what can you look for? One age-old tactic of scammers is pressure. Phishing scams count on you acting impulsively, so they do their best to create a sense of urgency. For instance, they’ll fake extremely limited-time Black Friday deals, with pressure to “act now to claim this discount!” But our survey found that Americans don’t know to look out for high-pressure tactics; only 35% of respondents consider them a red flag. 

People also let their desire for a bargain get in the way of their better judgment; 41% of the respondents who clicked a phishing link were trying to access a special deal, price, or sale.

Dave Lewis holiday phishing reminder:

Never be afraid to ask for a second opinion. Scammers rely on embarrassment to keep victims quiet, but spotting a scam isn’t always easy. With the help of AI, scammers can send increasingly sophisticated messages at breakneck volume; even pros can get fooled. If something doesn’t feel right, show it to a co-worker, friend, or family member before acting. A quick gut check can save you from a costly mistake.

The newest scams are the most effective, so be on guard everywhere

Phishing is one of the oldest scams on the internet; by now, most Americans are familiar with the most common forms of phishing. However, just as our red flags need to evolve, so do the places where we stay on guard.

Our survey found the three most frequent places where people encounter suspected phishing scams:

  • Texts (59%)

  • Emails (59%)

  • Phone calls (49%)

People know to be on the lookout for scams on these channels, so it’s no surprise that they are often the least effective at tricking people into handing over their data, such as passwords and credit card numbers. For example, 34% of people reported falling prey to a “smishing” attack, meaning that they clicked a suspicious link in a text message.

On the other hand, less common phishing channels are more likely to deceive people. Social media isn’t as widely used for phishing as email or text, but 45% of people exposed to social media scams were successfully phished. 

holiday phishing article image two

More and more users are shopping on social media every year; people are used to getting product recommendations and affiliate links from Instagram and TikTok. Social media, like phishing, also relies on impulse, with over 60% of social media users regretting an impulse buy they made on a platform.

Essentially, people get click-happy on social media, which makes it a prime medium to deliver phishing scams.

Dave Lewis holiday phishing reminder:

Be skeptical when shopping on social media. Social feeds are a prime hunting ground for scammers, who use realistic ads, fake storefronts, and sponsored posts that mimic real brands and people. Before buying or donating, verify the account, review comments for red flags, and visit the brand’s official site directly rather than purchasing through a link in a post, ad, or DM.

Gen Z and Millennials are falling for scams – don’t assume you’re too tech-savvy to be a victim

Our report data also challenges assumptions about who is getting scammed. Despite the perception of young people as tech-savvy digital natives, our survey found that younger generations are actually more likely to fall prey to a phishing attack.

Here’s the demographic breakdown of who has been phished:

  • Gen Z (70%)

  • Millennials(67%)

  • Gen X (57%)

  • Boomers(46%)

Before we start any (more) intergenerational conflict over the holiday season, we’ll note that younger generations are also typically exposed to more phishing attacks. For instance, 25% of Americans who've received a job-related phishing scam have clicked on it, and job seekers naturally tend to skew younger.

These job-related scams can be particularly dangerous over the holidays, when people begin to get worried about tight finances and start looking for new work (whether seasonal or long-term).

Overall, we can’t assume that any generation is better or worse at clocking a phishing scam. We should all be on guard, particularly as scammers evolve their methods. 

Dave Lewis holiday phishing reminder:

If an offer seems too good to be true, it probably is. Make sure to look for telltale signs of phishing and look-a-like websites. Closely analyze the sender’s email address or phone number, hover over hyperlinks for legitimate URLs, and keep an eye out for poor grammar. Instead of automatically clicking on a link, you should always go directly to the retailer’s website to verify.

Secure your passwords: keep one mistake from draining your holiday funds

Here’s the most alarming finding of our survey: A whopping 76% of Americans who've fallen victim to a shopping scam still reuse passwords across multiple accounts. 

If you’re not sure why this is a major problem, let us explain.

One common holiday scam involves bad actors sending out false shipping alerts to trick buyers into clicking malicious links or sharing personal information; we found that 31% of Americans who’ve been phished were trying to track a delivery or package.

Imagine you click a link to a very convincing imitation of the USPS website. You try to log in to track a package, only to then realize that the site isn’t legitimate. Now the bad actors who built the fake site have your real login information. At that point, having caught on, you close the window, find the proper USPS website, and change your password there. 

Unfortunately, your old USPS password was also the password to access your airline points, bank account, and credit card… which is exactly what the scammers were counting on. Reused passwords are skeleton keys for bad actors to take over multiple accounts; if you’re not paying attention to your passwords, you might not find the vulnerable accounts before the hackers do.

holiday phishing article asset 3

Dave Lewis holiday phishing reminder:

Even if you’ve fallen for a scam, good password hygiene limits the damage. A single reused password can unlock multiple accounts for hackers. Use a unique password for every account, and let a password manager do the remembering for you. It’s one of the simplest, most effective ways to protect yourself from waking up to a digital nightmare.

Security is the gift that keeps on giving

We’ll end with a final stat: 70% of Americans have helped a family member identify a scam, but only 46% have asked for help themselves. Remember that there’s never any shame in asking for help; a little embarrassment is far better than a compromised bank account. 

As we ramp up to the holidays, it’s not enough to give family and loved ones what they want; sometimes it’s better to give them what they need. If you’ve lived through enough holidays, you know that nobody’s ever thrilled to open up a new pair of socks. Despite that, those socks tend to be the gift we wind up using the most throughout the year. 

With phishing scams on the rise, people are in dire need of help to stay safe online. Whether you offer it in the form of helpful advice or perhaps through a 1Password gift card (we promise that link is legit), remember that security is always a good gift. 

1Password conducted this study using an online survey prepared by KW Research and distributed by PureSpectrum, completed by n=2,000 American adults. The sample was balanced by age, gender, region, and employment status. Within employees, a range of role types, seniority, and industries are represented. Data was collected from September 29 to October 3, 2025.