1Password has announced a new built-in phishing protection feature to help users stay safe as AI-powered scams become harder to detect. The company says phishing attacks are now more frequent, more convincing, and more damaging than ever, affecting both individuals and businesses.
According to 1Password, a single phishing attack on a business can cost an average of $4.8 million. For individuals, the impact can include drained bank accounts, stolen identities, and long-term credit damage. The biggest risk is how easy it is to fall for a scam. One wrong click or one rushed decision is often enough.
The new phishing protection feature acts as a second layer of defense inside the 1Password browser extension. Until now, 1Password would refuse to autofill login details if the website URL did not match the saved login. However, many users still manually copied and pasted their passwords, unknowingly handing them to fake websites.
With the new update, 1Password now shows a clear warning when a user tries to paste credentials on a suspicious site. The pop-up asks users to pause and double-check the website before continuing. This small interruption is designed to stop attacks that rely on speed, stress, and distraction.
The feature is enabled by default for individual and family plan users as it rolls out. For business users, administrators can turn it on through Authentication Policies in the 1Password admin console.
1Password also shared findings from a survey of 2,000 American adults to explain why phishing remains such a widespread problem. The results show that 89 percent of people have encountered a phishing attempt, and 61 percent say they have fallen victim to one.
AI is now a key reason behind rising Phishing attacks. Phishing emails and fake websites now look realistic, thanks to AI tools. Scammers can now generate polished messages and realistic login pages quickly. Only 25 percent of people say they check a URL before clicking a link, which remains one of the most reliable ways to spot a scam.
The survey shows that phishing attacks happen across many channels. Personal email and text messages remain common, but social media has become a major risk area. Interestingly, more people report falling for phishing on social platforms than even noticing suspicious attempts there.
1Password believes technology alone is not enough. Better habits, better training, and shared responsibility are just as important. The new phishing warning is meant to support user awareness at the exact moment it matters most.
