Aug 27, 2008

How LastPass protects against phishing attacks

Hopefully you have started using LastPass and are now hooked because of the added convenience, security and organization it brings to you life. One facet of LastPass security that we haven't really mentioned is how we protect you from phishing attacks.

Phishers setup rogue websites with domains that are close in name to their target, so they can catch people who mistype the URL. They make the page look identical, so it is easy to enter your login information without a second thought.

LastPass protects against this if you use the LastPass website to login or the Sites drop-down in the plug-in. There is no URL to type, LastPass navigates to the page for you. It is both convenient and safe.

The second way phishers often trick people is by sending emails that look legitimate, but have links that point to their website instead of who they are impersonating. LastPass protects against this by only form filling and putting our icon in the form fields if you have an account with this site.

So if you do not see the LastPass icons in the form fields on one of your sites, do not simply enter your information! First make sure you are logged into LastPass and review the address.

1 comment:

  1. Perhaps it's time for some real email protection agsinst phishing.
    Implementing DMARC with a reject policy would be a nice move.