Using a password manager can help protect you from phishing scams, according to technology expert Chris Hoffman.
For one, password managers allow you to easily create and store strong, unique passwords to use on every account. This in itself can help protect you from all kinds of hacking scams.
And, when it comes to phishing, there is an even more significant benefit to using a password manager. Your password manager will not enter your password into a spoofed website.
In a phishing scam, a hacker will try to get you to reveal your password by sending you an email claiming to be from a legitimate organization, such as your bank. The email may say that your account is compromised, and you must click a link to secure it. If you click on the link in the email, you will be directed to a website that looks like the real organization's site but is not.
If you type your password into this website, you have just shared it with cybercriminals. With the username and password to an online bank account, plus any other information you typed in, they can now steal your or your employer's identity.
Password managers remember your password for each website and offer to fill it in when you visit that site. If you visit a spoofed site, your password manager will not offer to fill in your password. Therefore, if your password manager doesn't pop up, you know you are the target of a phishing scam. Chris Hoffman "How a Password Manager Protects You From Phishing Scams" howtogeek.com (Dec. 17, 2019).
If you are looking to improve your cybersecurity habits, taking advantage of a password manager may be your best bet.
Although many people know they are supposed to use "strong, unique" passwords for every account, few do. For one, they may not know what constitutes a strong password. Plus, the average employee now has nearly 200 passwords, and keeping track of unique ones for each account can feel daunting.
Password managers are programed to create only strong passwords, so you don't have to struggle to come up with one every time you open a new account. It keeps track of all of your passwords for you, so having a unique password for each account is a breeze.
Select a password manager that automatically fills in your credentials. That way, you have peace of mind that you are on a legitimate website and not a spoofed site every time your password manager works. The same holds true for using a password manager when visiting websites on your smartphone and other mobile devices.
If you do not use a password manager, it is all the more important to check the URL every time before you enter sensitive information. Keep in mind that scammers will create a URL that is very similar to the real organization's web address. For example, the hacker might use a domain such as "secure.chase.com.example.com/onlinebanking/login." Although it has "Chase" in the address to make you think you are on Chase.com, the domain is actually hosted on Example.com.
It is always important to remember other cybersecurity tips, such as never clicking on an unknown link in an email and always typing in the correct web address yourself.