惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

K
Kaspersky official blog
T
Threat Research - Cisco Blogs
N
News and Events Feed by Topic
Hacker News: Ask HN
Hacker News: Ask HN
Project Zero
Project Zero
Application and Cybersecurity Blog
Application and Cybersecurity Blog
博客园 - 叶小钗
Security Latest
Security Latest
Spread Privacy
Spread Privacy
aimingoo的专栏
aimingoo的专栏
N
News and Events Feed by Topic
Webroot Blog
Webroot Blog
U
Unit 42
Cyberwarzone
Cyberwarzone
小众软件
小众软件
Scott Helme
Scott Helme
Engineering at Meta
Engineering at Meta
Microsoft Security Blog
Microsoft Security Blog
T
The Blog of Author Tim Ferriss
A
About on SuperTechFans
爱范儿
爱范儿
S
Schneier on Security
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Schneier on Security
Schneier on Security
Latest news
Latest news
GbyAI
GbyAI
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Simon Willison's Weblog
Simon Willison's Weblog
The Register - Security
The Register - Security
WordPress大学
WordPress大学
博客园_首页
Blog — PlanetScale
Blog — PlanetScale
PCI Perspectives
PCI Perspectives
Jina AI
Jina AI
AI
AI
NISL@THU
NISL@THU
I
Intezer
G
GRAHAM CLULEY
B
Blog
S
Secure Thoughts
IT之家
IT之家
宝玉的分享
宝玉的分享
Recent Announcements
Recent Announcements
Y
Y Combinator Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
酷 壳 – CoolShell
酷 壳 – CoolShell
有赞技术团队
有赞技术团队
V2EX - 技术
V2EX - 技术
Recorded Future
Recorded Future
Hacker News - Newest:
Hacker News - Newest: "LLM"

Blog on 1Password Blog

Why secure-by-design is an incentives problem, with Bob Lord | 1Password NIST and AI agents: 1Password’s approach to agent identity | 1Password Go beyond device health with External Checks in 1Password Device Trust | 1Password Natoma and 1Password help enterprises scale AI securely with governed agent access | 1Password New integrations between 1Password SaaS Manager and EPM | 1Password A first step toward post-quantum security | 1Password RSA 2026: Leading the way to secure agentic AI | 1Password How 1Password is Building a Culture of AI Fluency Through AI Champions | 1Password 1Password vs. Keeper Security: A comparison | 1Password 1Password vs. LastPass: Which is right for you? | 1Password Secure MCP credentials with 1Password and Runlayer | 1Password The next layer of AI security | 1Password Building the next chapter of Go-to-Market in EMEA | 1Password Automating SOC workflows with 1Password Enterprise Password Manager | 1Password Automated Provisioning hosted by 1Password: A Simpler, Smarter Way to Manage Access | 1Password Introducing 1Password® Unified Access: Identity Security for Humans and Their AI Agents | 1Password Next-generation automated provisioning, without compromising zero-knowledge security | 1Password Bitwarden vs. 1Password: Which password manager is right for you? | 1Password Password Manager for Families, Enterprise & Business | 1Password | 1Password How to wrangle SaaS contract renewals | 1Password Stop trusting consumer browsers with work credentials | 1Password IAM stops at sign-in. Your credentials do not. | 1Password Your digital pit crew: a 10-minute pre-race security checklist | 1Password 1Password Device Trust is coming to EMEA | 1Password The identity transformation: Analyst and CIO insights | 1Password Why now is the moment to join 1Password Go-To-Market | 1Password Identity and Accountability in the Age of AI Agents | 1Password How 1Password secures agent architectures | 1Password 1Password becomes the first global partner to transact through Express Private Offers in AWS Marketplace | 1Password Start Learning on 1Password Academy | 1Password Expanding Programmatic Access to 1Password | 1Password Zero knowledge vs. a malicious server: A look at ETH Zurich’s research | 1Password Agents are making filesystems cool again | 1Password Black History Month employee spotlight: Joseph Ojelade | 1Password 1Password's new benchmark teaches AI agents how not to get scammed | 1Password Streamlining SaaS onboarding and offboarding | 1Password 3 common SaaS Management challenges and how to avoid them | 1Password How 1Password Is Evolving Its Partner Ecosystem | 1Password How to build secure agent swarms that power production-grade autonomous systems | 1Password From magic to malware: How OpenClaw's agent skills become an attack surface | 1Password Solving the unsanctioned SaaS problem | 1Password 1Password and 60 Day Hustle: cybersecurity for small businesses | 1Password Security advisory for AI-assisted browsing interactions with the 1Password browser extension | 1Password It’s incredible. It’s terrifying. It’s OpenClaw. | 1Password Managing the risks of social logins | 1Password What’s the first security tool your small business should buy? | 1Password How to interview with confidence at 1Password | 1Password Five tips for successful SaaS Management | 1Password SaaS Manager | 1Password Why SaaS License Waste Is a Cost and Security Problem | 1Password AI is changing the IDE. With 1Password, security keeps up | 1Password How IT teams can get a handle on shadow IT | 1Password Bringing secure, just-in-time secrets to Cursor with 1Password | 1Password The Chasing Entropy Podcast Season One is in the Books | 1Password Now available via QBS Software: 1Password Enterprise Password Manager – MSP Edition | 1Password The role of credentials in the AI espionage campaign reported by Anthropic | 1Password The hidden offboarding step draining your budget | 1Password AWS and 1Password: Innovation in AI and beyond | 1Password Simplifying credential security on OpenAI Atlas | 1Password From Social Work to Social Impact: Growing at 1Password | 1Password Improving in-page notifications in the 1Password browser extension | 1Password Password Manager for Families, Enterprise & Business | 1Password | 1Password Now available via Renaissance: 1Password Enterprise Password Manager – MSP Edition | 1Password Behind the wheel at Oracle Red Bull Racing | 1Password Securing MCP servers with 1Password: Stop credential exposure in your agent configurations | 1Password What’s new in 1Password Enterprise Password Manager - Q4, 2025 | 1Password Belonging as a catalyst for high performance | 1Password Password habits are worsening, but leaders see a path to passwordless | 1Password A simpler, faster way to unlock 1Password | 1Password Oracle Red Bull Racing Episode 4, CIO Matt Cadieux | 1Password 70% of IT and security pros say SSO is falling short | 1Password 1Password's Phishing Survey: Avoid Holiday Phishing Scams | 1Password Securing the Win | 1Password SaaS optimization: How to maximize value and reduce costs | 1Password The enterprise AI crisis: Unsanctioned tools and unenforced policies | 1Password An Identity Security taxonomy for Agentic AI | 1Password Introducing new .env file support in 1Password environments | 1Password Speed and security: Mark Hazelton on protecting Oracle Red Bull Racing’s most valuable asset – its data | 1Password 1Password for Good: Giving back during cybersecurity awareness month | 1Password Utah Mammoth and Utah Jazz score with identity security | 1Password Oracle Red Bull Racing CEO and Team Principal | 1Password Three signs you need a SaaS Management Platform | 1Password Closing the credential risk gap for AI agents using a browser | 1Password Microsoft and Dropbox password managers are sunsetting: What it means and what to do next | 1Password From hackathon nerves to internship wins: Kavya’s journey at 1Password | 1Password 1Password now available in Comet, the AI-powered browser by Perplexity | 1Password 1Password announces new integration with Zscaler | 1Password Breaking the mold: Why more women should consider a career in sales | 1Password What security leaders need to know about mergers and acquisitions | 1Password Clickjacking: What it means for 1Password users | 1Password AI and security at Black Hat: 5 key takeaways from a security expert panel | 1Password Blog | 1Password Do any CISOs feel lucky? | 1Password How to lead with confidence in the AI era: a conversation with Nancy Wang, VP, Engineering | 1Password New Device Trust Check makes browser extension enforcement easier | 1Password Purpose, performance, and trust: Inside the culture powering 1Password’s next chapter | 1Password Now available on Pax8 Marketplace: 1Password Enterprise Password Manager - MSP Edition | 1Password The security principles guiding 1Password’s approach to AI | 1Password Choosing the right SaaS management platform for your business | 1Password Simplify access reviews with 1Password SaaS Manager | 1Password How great usability tripled Duke University's password manager adoption | 1Password
As AI Supercharges Phishing Scams, 1Password Introduces Built-In Protection | 1Password
info@1password.com (Elaine Atwell) · 2026-01-22 · via Blog on 1Password Blog

Phishing attacks are everywhere these days. People encounter them while shopping, job hunting, reading work emails, and checking personal texts. Thanks to AI-powered scammers, phishing has become both more common and harder to spot, leading to disastrous consequences. A phishing attack on a business costs an average of $4.8 million, and attacks on individuals can drain bank accounts and wreck credit scores.

The scary thing about phishing is that it only takes one momentary lapse in judgment for a scammer to steal a victim’s information. In one common form of the attack, the scammer will send an email or text containing a link to a fraudulent (but real-looking) website. When the victim enters their information into the site, they’re really handing it to the scammer, who can then cause chaos with the stolen information. 

These fake phishing sites look convincing, but they often have some tell-tale signs, such as a misspelled URL. That means a lot of phishing attacks could be prevented by a second pair of eyes to alert you if something seems…well…phishy.

Today, 1Password is beginning the rollout of a phishing prevention feature to act as that second pair of eyes and stop users before they share their passwords with scammers.

Here’s how it currently works: when a 1Password user clicks a link where the URL doesn’t match their saved login, 1Password won’t autofill their credentials. That’s an important first step. However, in those situations, users may not understand why their credentials aren’t being autofilled and try to manually copy and paste them to the fake website.

Our new phishing feature adds an extra layer of protection. When a user attempts to paste their credentials, the 1Password browser extension displays a pop-up warning, prompting them to pause and exercise caution before proceeding.

phishing detection pop-up light@2x

In the example above, it's easy for a user to miss that extra "o" in the URL, especially if the rest of the page looks convincing. But the pop-up reminds them to slow down and look more closely before proceeding.

For our individual and family plan users, this feature will be enabled by default once it is rolled out. 1Password Admins can enable this for their employees in Authentication Policies in the 1Password admin console.

This feature is just one of the ways 1Password protects our users from phishing attacks. Another part of that effort is understanding how people are getting phished. To get more insight about that, 1Password surveyed 2,000 American adults to learn how people are falling victim to and protecting themselves from phishing scams – both at work and in their personal lives.

We learned that the problem is nearly universal; 89% of Americans have encountered a phishing scam, and 61% have actually been phished. Clearly, people need help defending themselves.

We’ll spend the rest of this blog digging deeper into the results and offering practical advice for preventing phishing attacks at home and at work.

AI-powered scammers are flooding Americans with tough-to-spot phishing attacks

Phishing has been around for decades, but AI is helping attackers run more believable scams at higher volumes. People used to spot phishing attempts by their typos and shoddy graphic design, but with AI, it takes only minutes for a scammer to create a highly polished phishing email or website.

Phishing Prevention Blog assets Stat 1 1920x1080

As we mentioned, the best way to spot a phishing site in the age of AI is to check the URL, but only 25% of Americans in our survey said they hover over URLs before clicking them.

Dave Lewis - Global Advisory CISO

Take-home lesson #1

Don’t rely on obvious mistakes to spot a scam. Always make sure that a website URL matches the official company domain before clicking.

Dave Lewis, Global Advisory CISO 1Password

Shopping, scrolling, and job-seeking: How Americans get phished at home

When we look at where Americans are getting phished, it’s a mix of the usual suspects and some unexpected entries.

Where Americans have been phished

  • Personal email: 45%

  • Text message 41%

  • Social media: 38% 

  • Phone call 28%

  • Online ads or search results: 26%

There's a surprising disconnect between where people report encountering suspected phishing attempts and where they have been successfully phished. For instance, there’s a big gap between the number of people who have gotten a suspected phishing phone call (49%) and the number who have fallen for it (only 28%). That indicates that people, on the whole, are still fairly capable of spotting a scam phone call (at least until AI voice scams become more widespread). On the other hand, only 37% of people report seeing a social media phishing attempt, but 38% of phishing victims have been tricked there. 

Dave Lewis - Global Advisory CISO

Take-home lesson #2

Any place where you can share your personal data is a place you can be phished. Even online search results can be planted by bad actors. 

Dave Lewis, Global Advisory CISO 1Password

Next, we asked phishing victims what they were trying to do when they were phished. 

Most successful phishing bait

  • Get a special deal, price, or sale: 41%

  • Track a delivery or package: 31%

  • Apply for a job: 25%

  • Conduct personal business (banking, wire transfers, etc.): 23%

  • Respond to a legal issue (tax error, speeding ticket, etc.): 17%

  • Donate to a charity or cause: 13%

The common thread between all these ruses is that they create emotional and financial urgency

We rush to take advantage of a good deal, to resolve a potential legal dispute, to protect our money and purchases, to support the causes we believe in, and (especially in a crowded job market) to secure a new role.

Dave Lewis - Global Advisory CISO

Take-home lesson #3

If your heart rate increases, your caution should too. If a situation is urgent, contact the sender through a trusted channel, NOT the website, email, or phone number you see in the message.

Dave Lewis, Global Advisory CISO 1Password

Urgent messages from HR and the boss: How Americans get phished at work

Our survey found that working Americans are 16% more likely to have fallen for a phishing scam than non-workers (67% vs 51%). The most likely explanation is that workers spend more time on their devices, which increases their exposure to phishing attempts.

Indeed, 36% of workers we surveyed admitted they had clicked on a suspicious link in a work email. Of those, 26% were responding to HR or their boss – both of which can trigger a sense of emotional and financial urgency.

Here’s one story shared by a survey respondent that illustrates how this works in practice.

About six months ago, a coworker in our office received what appeared to be an urgent email from our IT department requesting her to verify her credentials by clicking a link. The email looked legitimate with our company logo and formatting. She was busy and clicked the link without thinking, entering her username and password on what turned out to be a fake login page. Within hours, someone tried accessing company files using her credentials. 

Fortunately, our security system flagged the unusual activity and locked the account before any data was actually stolen. IT immediately reset all passwords and implemented additional two-factor authentication across the organization. She felt embarrassed but reported it right away, which helped prevent a more serious breach. The IT team used it as a training example for the rest of us about recognizing phishing attempts, even when they look convincing.” - Gen Z man in California 

This story has it all: an urgent email, a fake login page, and another crucial theme: credentials.

Scammers are phishing for employee passwords

One of the most important differences between phishing scams in private life versus at work is the importance of passwords. To be clear: scammers take advantage of weak and compromised passwords wherever they find them, but when they’re going after an individual target, the ultimate goal is usually short-term financial gain.

Phishing attacks on companies are often far more sophisticated and may be the first stage of a more elaborate scheme. Indeed, phishing attacks are the leading vector in ransomware attacks. In this scenario, an attacker’s goal is to gain deep access to a company’s systems to steal or encrypt data. And their biggest asset is an employee password that will give them the access they want. 

The perfect target for a phishing attack is an employee with poor password practices, such as:

  • Default passwords that were never reset

  • Duplicate or similar passwords across multiple accounts

  • Weak and easily guessed passwords

  • No multifactor authentication (MFA)

Unfortunately, poor password practices are rampant in the workplace. 

Phishing Prevention Blog assets Stat 2 1920x1080

A single reused password can allow an attacker to move from one application to another, setting the stage for a hugely disruptive and expensive attack. 

The role of IT in preventing phishing and building a culture of security

There are various methods IT teams (and companies in general) can employ to help prevent or mitigate the damage of phishing attacks.

  • Deploying an enterprise credential management solution like 1Password helps ensure they use strong, unique credentials for every login. It also notifies admins if MFA is available but not in use, or if a credential is compromised in another breach.

  • Many companies require employees to complete regular phishing training and sometimes even conduct simulated attacks to ensure they respond correctly.

  • Requiring MFA across company-managed apps is another commonsense solution to help minimize the damage that can be caused by stolen credentials. 

    • Likewise, larger organizations may have network monitoring and other detection software that can flag suspicious behavior that signals a bad actor trying to infiltrate a company’s systems.

But even with every possible anti-phishing measure in place, at some point it still comes down to an individual employee with their mouse hovering over a link, deciding whether or not to click.

In those situations, the “x factor” might be an employee’s sense of responsibility for their company’s security. Our survey found that employees who believe it’s IT’s job to stop phishing are much more likely to fall victim to phishing.

Phishing Prevention Blog assets Stat 3 1920x1080

Meanwhile, 78% of employees know they should report phishing to their IT department, but more than half (56%) delete suspicious messages instead.

These numbers highlight the need for better communication between IT and end users, and for company leadership to make it clear that security is everyone’s responsibility.

Getting ahead of phishing attacks is all about communication, that’s what disrupts the scammer’s plan. The most important thing an employee can do if they receive a suspicious message is tell someone. A lot of attacks could be prevented by simply knocking on the cubicle next door and saying ‘hey, does this look right to you?’ If someone believes they’ve already been phished, they should notify IT immediately. Those are the skills you learn with good training, and they need to be constantly reinforced, so people remember them when they get those urgent, scary-looking messages.”

- Dave Lewis, Global Advisory CISO, 1Password

The goal of 1Password’s new anti-phishing feature is to give users – whether at work or home – a subtle reminder that helps their training kick in. We’re excited to continue developing it as part of our overall mission to secure the future of work.

Don't get hooked

If you’d like to learn more about how 1Password can help protect you, your family, and your business, get in touch with our team. 

1Password conducted this study using an online survey prepared by KW Research and distributed by PureSpectrum, completed by n=2,000 American adults. Within employees, a range of role types, seniority, and industries are represented. Data was collected from September 29 to October 2, 2025.