What are phishing scams and what steps can I take to protect myself against them?
Phishing is a scam where a criminal uses fake or partial information to try to trick someone into revealing passwords or other confidential information. To avoid falling prey to such scams, it is critical to understand what phishing is and what you can do to protect yourself. Below we present a list of 8 important rules to follow to avoid being victimized by phishing schemes. Also presented are three hypothetical but realistic phishing scams that would be avoided by following the 8 rules.
We want to emphasize that using LastPass makes you safer and that following the 8 best practices below will further help to protect your safety.
Top 8 Rules To Protect Yourself From Phishing Scams
NEVER tell your LastPass Master password to ANYONE for ANY REASON.
We will NEVER ask you for your password by email, by phone, by fax, or for ANY reason whatsoever.
ALWAYS use anti-virus, anti-malware, and firewall software.
Further, make sure that you run such software on all computers you use and that the virus definition files are up to date.
NEVER click on any links in emails unless you specifically requested that the email be sent to you.
NEVER assume that any email you receive was actually sent by the person or organization listed as the sender.
It is very easy for attackers to forge email signatures. If you receive an email from 'LastPass.com', there is NO GUARANTEE WHATSOEVER that the email was actually sent by us. It could just as easily have been sent by a criminal.
AVOID using untrusted computers or untrusted computer networks.
Untrusted computers could have keylogging, screen capture, or traffic sniffing software pre-installed on them without your knowledge.
DO NOT be impressed if someone claiming to be from LastPass has any personal or confidential information about you whatsoever.
Although you might have entered information such as credit card numbers, social security numbers, and address information into LastPass, we have no way of ever reading or knowing such information. The ONLY piece of identifying information we have of yours is your email address.
USE LASTPASS to automatically fill login credentials for websites you visit.
Using LastPass helps protect you against fake-website phishing attacks because LastPass will only automatically fill your credentials for the actual site. As an example, suppose your bank's website is located at www.mybank.com and a criminal's fake website that looks IDENTICAL to your bank's website is at www.mybankcriminal.com. If you are victimized by a phishing scam and are unknowingly directed to www.mybankcriminal.com, then LastPass will NOT automatically fill in your bank website's credentials.
ALWAYS click on the LastPass browser plugin star icon to access your LastPass vault.
If you are on a PC or browser that does not have the plugin, then visit LastPass by directly typing the address 'lastpass.com' into your browser's address bar. If you arrived at our website through any other means, then you may be visiting a criminal's website that has been made to look exactly like our website.
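The automatic-fill rule above depends on comparing the address the browser is really on with the address saved alongside the credential. The sketch below is an added illustration of that idea, not LastPass's own code: the function names, the exact-hostname rule, the HTTPS requirement and the sample URLs (other than www.mybank.com and www.mybankcriminal.com) are assumptions made for the example. It goes slightly beyond the bank example by also checking addresses that merely contain the real hostname as text.

```javascript
// Added illustration (not LastPass code): decide whether a saved credential
// may be filled on the current page by comparing parsed hostnames.

// Weak check, shown for contrast: looks for the saved host anywhere in the text.
function naiveMatch(savedHost, pageUrl) {
  return pageUrl.toLowerCase().includes(savedHost.toLowerCase());
}

// Stricter check. Assumptions of this sketch: HTTPS only, exact hostname match.
function shouldAutofill(savedHost, pageUrl) {
  let url;
  try {
    url = new URL(pageUrl); // the parser decides what the host really is
  } catch {
    return false; // unparseable address: never fill
  }
  if (url.protocol !== "https:") return false;
  // Normalise case and a trailing root dot before comparing.
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  return host === savedHost.toLowerCase().replace(/\.$/, "");
}

// Constructed sample addresses; "criminal.example" is a placeholder domain.
const SAMPLE_URLS = [
  "https://www.mybank.com/login",                  // the real site
  "https://www.mybankcriminal.com/login",          // lookalike from the text above
  "https://www.mybank.com.criminal.example/login", // real name used as a subdomain label
  "https://www.mybank.com@criminal.example/",      // real name in the userinfo part
  "https://criminal.example/www.mybank.com/login", // real name in the path
  "http://www.mybank.com/login",                   // right host, unencrypted
];

// Returns one row per address with the verdict of each check.
function classify(savedHost, urls) {
  return urls.map((u) => ({
    url: u,
    naive: naiveMatch(savedHost, u),
    strict: shouldAutofill(savedHost, u),
  }));
}

console.table(classify("www.mybank.com", SAMPLE_URLS));
```

Only the first row is filled by the strict check, while the text-search check would also accept four of the other addresses.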