Vault keys at stake: Those who clicked on the phishing link earlier had too much to lose. The cloned landing page reportedly asked users for their 1Password login details, potentially giving attackers access to entire password vaults. With that single breach, everything from social accounts to banking credentials could be compromised.Malwarebytes urged users to remain skeptical of unsolicited alerts, especially those demanding immediate password resets. When faced with such alerts, the safest move is to open the 1Password app directly or navigate to 1Password.com for checking account status, it added. The 1Password lure is part of a larger wave of smarter, cleaner phishing operations. Similar campaigns have recently abused link-wrapping by URL security services to hide malicious redirects and disguise payloads behind fake CAPTCHAs that tricked users into pasting commands on their systems.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4068754/phishers-turn-1passwords-watchtower-into-a-blind-spot.html
