The Information Security team is aware of a new phishing campaign targeting 1Password users with convincing "fake breach" alerts. Users of both personal and enterprise 1Password accounts should exercise caution and steer clear of emails that falsely claim to be from 1Password.
Cybercriminals are distributing emails with the subject line "🔒Watchtower Alert: Password Issue Detected", that appear to be legitimate breach notifications from 1Password. These messages claim that your account has been compromised and prompt you to click a link to “secure” your vault. The link leads to a fake login page designed to steal your credentials.
If you receive the phishing email described above or any other similarly suspicious emails claiming to be from 1Password, please do NOT click on any links within the email and submit your credentials or respond to the scammer. You can report this activity to our team using the Report Phishing button or by forwarding it to phishing@yorku.ca.
Red Flags to watch out for:
- Sender impersonation: The email may appear to come from “watchtower@eightninety.com” or similar addresses.
- Urgent language: Subject lines like “Watchtower Alert: Password Issue Detected” are used to provoke panic.
- Fake login page: Clicking the link directs users to a site mimicking 1Password’s interface, but hosted on a malicious domain.
- Subtle visual cues: The phishing page uses accurate branding and design elements, making it difficult to distinguish from the real site.
đź”— Additional Resources