What Is Phishing, and How Does It Work?
Phishing is designed to trick you into giving your password or other information to an imposter.
For example, let’s say you get an email claiming to be from your bank. The email says your account may be compromised, and you should click this link to take action. You click the link in the email and end up on a site that looks just like your bank’s real website. In a rush to secure your account, you type your password and possibly other details like your credit card number. Boom, you’ve been phished. The attacker now has your bank account’s username and password, as well as any other information you provided. That wasn’t your bank’s real website. You got an email from a scammer.
Security professionals recommend against clicking links in emails like this. Instead, go to your bank account’s website directly and sign in. Similarly, if someone claiming to be from your bank calls you on the phone, it’s a good idea to hang up and call your bank’s customer service number directly to see if the call is legitimate.
It’s All in the URL
There’s one thing you can do to spot phishing sites: Examine the URL, which is the address of the web page. For example, if you bank with Chase, you’d look to verify you were on chase.com. But phishing sites can be clever. For example, a phishing site might use the address “secure.chase.com.example.com/onlinebanking/login”.
If you understand URLs, you’ll realize that this particular page is actually hosted on “example.com” and not “chase.com”. The domain that matters is the one at the end of the hostname, just before the first slash. Everything to its left, including “secure.chase.com”, is a subdomain that the owner of example.com can name however they like.
Similarly, some phishing websites will use characters that look similar to other characters. It’s all part of making the URL look similar to the real one. After all, many people likely don’t examine the URL at all. Even people who do may just be trained to look for something like “chase.com.” Not everyone understands how to decode that line of text.
How a Password Manager Helps Protect You
If you use a password manager, you have additional protection. This is true as long as your password manager can automatically fill your credentials, whether it’s 1Password, LastPass, Dashlane, Bitwarden, or even the password-saving feature built right into your web browser.
This protection isn’t fancy, and you won’t see a big red “warning” message pop up. But you will quickly notice that, wait a minute, your password manager isn’t offering to sign you in on this website. Why is that? Once you’ve noticed something is amiss, you might quickly discover you’re not on the website you thought you were on.
Peace of Mind When Logging In
Your password manager doesn’t just make it faster to enter your credentials while browsing the web. It gives you peace of mind while it goes about its job.
If you’re signing into your email online, you don’t need to double-check the domain before typing your username and password. You know that, if your password manager is offering to fill your credentials automatically, it’s already checked that the domain is a match with the one saved in your database.
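Here is a sketch of that domain check, added for illustration; it is not code from any of the password managers named above. The function names and the matching rule (offer to fill only on the saved host or one of its subdomains) are assumptions, and real products may match differently. The sample URLs are constructed.

```javascript
// Illustrative autofill check (hypothetical names, not a real product's code).

// Return the hostname the browser would actually connect to, or null.
// The URL parser lowercases the host and converts non-ASCII letters to
// punycode ("xn--..."), so lookalike characters no longer look alike.
function hostOf(pageUrl) {
  try {
    return new URL(pageUrl).hostname;
  } catch {
    return null; // not a parseable URL: never offer credentials
  }
}

// Assumed rule: the page host must equal the saved host, or end with
// "." + savedHost so the match falls on a label boundary.
function shouldOfferAutofill(pageUrl, savedHost) {
  const host = hostOf(pageUrl);
  if (host === null) return false;
  const saved = savedHost.toLowerCase();
  return host === saved || host.endsWith("." + saved);
}

// Constructed sample pages, checked against a login saved for "chase.com".
const SAMPLE_PAGES = [
  "https://chase.com/onlinebanking/login",                    // real site
  "https://secure.chase.com/onlinebanking/login",             // real subdomain
  "https://secure.chase.com.example.com/onlinebanking/login", // host is example.com
  "https://\u0441hase.com/login",                             // Cyrillic "с", not Latin "c"
  "https://notchase.com/login",                               // different domain, same ending text
];

function checkSamples(savedHost) {
  return SAMPLE_PAGES.map((page) => ({
    host: hostOf(page),
    offer: shouldOfferAutofill(page, savedHost),
  }));
}

for (const row of checkSamples("chase.com")) {
  console.log(row.offer ? "fill   " : "no fill", row.host);
}
```

Only the first two pages get an offer to fill. The comparison is made on the parsed hostname, not on how the address looks, which is why a lookalike still fails the match.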
This Works on Smartphones, Too
Of course, the same features are available when you use a password manager on a mobile device like an iPhone, iPad, or Android phone. Use your password manager to enter credentials, and you’ll be protected from phishing on the mobile web, too.