1PW & Scam Apps

dzinn
dzinn
Community Member

Hello,

This article was published in Australia by the public media (like PBS in USA).

Here is my question -- and also how to ask this question of 1PW staff?

Does 1PW help prevent falling for scams like those shown for Australian Banks in the linked article below?

Curious how this works with 1PW and if 1PW helps detect these fake sites??

"Russian cybercriminals have taken aim at the nation's major banks with a sophisticated new malware campaign, with Australians specifically in their sights."

https://www.abc.net.au/news/2023-11-18/bank-bogus-octo-scam-apps-phishing/102992426?

Any thoughts?

BTW, I've already downloaded all the REAL appl for my Banks -- or does this apply for folks new to Banking Apps?

Has this issue been dealt with here -- or somewhere on !PW help or ??

Another angle/question -- can 1PW be 'tricked' (somehow?) into allowing 1PW info to be entered into a Scam site?

Thanks


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

Comments

  • Dave_1P
    edited November 2023

    Hello @dzinn! 👋

    Thank you for the question! That's definitely an eye-opening article and it reminds all of us that we need to be vigilant regarding the apps that we install on our devices. The article mentions:

    Octo targets Android phones

    It sounds like iPhones aren't the target of this particular attack. I wanted to mention that since you posted your question in the iOS category on the forum here. All apps in the Apple App Store go through a review process by Apple which serves to reduce the risk of malware being published to the App Store for users to download by mistake. The process isn't foolproof but it is an additional protection.

    Always double-check to make sure that the app that you're installing is legitimate. You can look for things such as:

    1. The number, and age, of reviews.
    2. How long the app has been on the App Store. An established bank is not likely to have just published their app yesterday.
    3. Whether that specific app is linked to from the bank's official webpage.

    On the iPhone and iPad, 1Password uses iOS AutoFill to fill your logins into apps. iOS AutoFill will only suggest your bank login inside of an app if that bank has associated that specific app with it's domain. For example, if you're using Tangerine bank here in Canada you can see that Tangerine has listed its app's ID on its website here: https://www.tangerine.ca/.well-known/apple-app-site-association

    If the app doesn't match the right associated domain then AutoFill won't suggest your bank login. You can still choose to manually fill a login (or copy and paste your password) and that's where you need to be careful that you're filling logins into legitimate apps.

    Another angle/question -- can 1PW be 'tricked' (somehow?) into allowing 1PW info to be entered into a Scam site?

    Websites are a slightly different story but 1Password can help protect you there as well. 1Password in the browser, our extension, will only suggest logins if they match the website address that you've stored in 1Password. This helps to protect you from fake websites that may look like the real website but aren't. You can read more about how 1Password protects you against certain phishing attacks here:

    Let me know if you have any questions.

    -Dave

  • dzinn
    dzinn
    Community Member

    Thank you! Such hard work to keep up with (and avoid) the baddies.

  • Thank you again for sharing the article! If you have any other questions in the future then please don't hesitate to ask. 🙂

    -Dave

This discussion has been closed.