pfishing and 1password

delisol
delisol
Community Member

Hello,
A colleague was fooled in a pfishing attack. Files he had access to disappeared, including some that were shared with him on Dropbox. I am wondering if--believing no one is immune from being fooled--I was the victim of a pfishing scheme and had 1password open at the time, would my 1password account be breached?
David


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided
Referrer: forum-search:pfishing

Comments

  • Hi @delisol

    It's important to understand what you mean here by a phishing attack, because it sounds like you might be referring to more than one thing.

    A true phishing attack is one where an attacker fools you into handing over your credentials for something. This could be a password for something, your credit card number, or anything else that shouldn't be shared with a stranger.

    Classic examples of this include emails that looks like they could be legitimate from your bank or somewhere else asking you to "confirm your account" and which link to a clone of the real website which then steal the information you enter. Usually, the spam filter on your email will flag these as suspicious. Phishing can also happen by SMS, phone call, voicemail, even postal mail(!) among other methods, and there are special names for some of these, like "smishing" (SMS + phishing).

    Without knowing exactly what you foresee as the risk in this situation, I can't really comment properly on it yet, but what I can say is that you should never give your 1Password account password or Secret Key to anyone you don't trust completely, such as a family member.

    If you can tell me a bit more about the situation, I'll be able to give you a fuller answer. Otherwise, if you have any specific questions, let me know and I'll be able to help out. :)

    — Grey

  • delisol
    delisol
    Community Member

    Sorry it's taken me awhile to get back to you. I appreciate your security advice but you're preaching to the choir here. My question is about a specific situation. In the colleague's mishap, he said he clicked on a link in a chat; all his files disappeared from his computer. There was some sensitive information and he assumes it was stolen. In that kind of attack, if your 1password browser add-on was open at the time, I am wondering if your account entries would be stolen as well.

  • @delisol

    It's hard to say what happened in your colleague's case, but (to me), it sounds like he might have downloaded and run something malicious from that link – I can't imagine that just clicking the link would have caused it. Similarly, without knowing what that was, I don't know its mechanism or what (if anything) it was targeting, so I can't give much of a solid answer on the threat it posed, especially in the context of your 1Password data.

    However, what I can say is that if your device is compromised by malicious software, a keylogger, or anything else, it's safest to assume that everything on that device may be affected in some way – 1Password isn't special in that sense, and it doesn't replace your normal security measures, such as Windows Defender or some other anti-virus software.

    We keep your 1Password account data safe by having backups in multiple physical locations. At worst, you could sign in to your 1Password account again and your data would be there. If you have any more information about what happened to your colleague, particularly whatever it was that affected his computer, I may be able to give you a better answer. Should you have any specific concerns you'd rather not post in a public place, email us at support@1password.com and we'll be able to help you by email.

  • delisol
    delisol
    Community Member

    @GreyM1P
    Ah, I see, he must have run something as well. I don't have any other information about my colleague's hack and I think you have answered my question. Thank you.

  • @delisol – You're very welcome. If you ever need anything from us at 1Password Support, please do contact us. We'll be here to help. :)

This discussion has been closed.