Phishing scams are becoming dangerously sophisticated by using ‘punycode’ to create fake web addresses that look identical to real banks. These fraudulent sites even use valid security certificates to trick your eyes. Because these scams are so convincing, 1Password is introducing a proactive new feature to stop identity theft before it happens.
Punycode is a clever trick where scammers use nearly identical foreign characters to create fake web addresses that look exactly like legitimate sites to the human eye. For example, Faceboook.com instead of Facebook.com, which upon a quick glance, you can miss there’s an extra “o” in the URL.
The best defence is a moment of hesitation. When you click a link that leads to a fake domain, 1Password recognizes the mismatch and refuses to autofill your credentials. If you try to bypass this by manually pasting your password, a new alert immediately pops up. This provides a breakthrough moment of friction. That tiny pause is often all it takes to help you realize something is wrong, effectively ruining the attacker’s plan.
AI-powered scammers are flooding inboxes with highly polished emails. Research shows that 61% of people have already been phished, often while distracted by work or chasing a sale. These attacks succeed by creating a sense of urgency that causes us to overlook small details like a slightly altered URL.
Working Americans are especially at risk, as they are 16% more likely to fall for a scam than non-workers, according to a survey 1Password commissioned. Whether it is an urgent request from HR or a fake package tracking link, these scams rely on you moving too fast to notice the trap.
By adding these intelligent guard rails, 1Password says it gives you the confidence to work quickly without compromising your safety. This feature is now rolling out and will be enabled by default for individual and family plans. Check out the video below showing the new feature in action. For those on the fence it might be time to jump on a 1Password subscription to get ahold of its newest features and full support across all browsers:
Want to see more of our stories on Google?
P.S. Want to keep this site truly independent? Support us by buying us a beer, treating us to a coffee, or shopping through Amazon here. Links in this post are affiliate links, so we earn a tiny commission at no charge to you. Thanks for supporting independent Canadian media!
This could be useful. Pretty good idea!
How is this different than other password manger? All past password manager will only offer to fill in password and stuff when there is an exact url match.
"When you click a link that leads to a fake domain, 1Password recognizes the mismatch and refuses to autofill your credentials. If you try to bypass this by manually pasting your password, a new alert immediately pops up."