In October 2025, scammers sent phishing emails to 1Password users, pretending to be breach notifications from the Watchtower feature. The email urged users to change passwords and enable two-factor authentication via a link that redirected through mandrillapp.com to a fake domain. Although the email looked convincing, the sender’s address and the phishing domain were inconsistent with official 1Password communications, highlighting common phishing red flags.
Mandrillapp is a legitimate email delivery service, and it does not forward users to known phishing sites, which helped limit the scam’s success once it was detected. By October 3, phishing vendors had blocked the fake site, so anyone trying to access the link saw an error message instead. However, early victims who submitted their credentials risked full compromise of their password vault, leading to potential identity theft and account takeovers.
This phishing attempt resembles a similar scheme reported weeks earlier, suggesting ongoing risks for 1Password users. Users are advised not to click suspicious links or provide credentials in unsolicited emails and to verify account status directly via official apps or websites. Employing current, real-time cybersecurity protections with web filtering can offer additional defense against such evolving phishing threats.
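The two red flags described above (a sender address outside the vendor's domain and a link routed through a mail-tracking redirector) can be checked mechanically. The following is an added example, not code from the original article or from 1Password; the allowlist, the function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains treated as official for this brand; maintain your own allowlist.
OFFICIAL_DOMAINS = {"1password.com"}
# Click-tracking hosts hide the final destination from the reader.
REDIRECTOR_DOMAINS = {"mandrillapp.com"}

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def in_domains(host, domains):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def red_flags(raw_message: str) -> list[str]:
    # From is spoofable, so this complements SPF/DKIM/DMARC rather than replacing them.
    msg = email.message_from_string(raw_message, policy=policy.default)
    flags = []
    sender_domain = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2]
    if not in_domains(sender_domain, OFFICIAL_DOMAINS):
        flags.append(f"sender domain not official: {sender_domain or '(none)'}")
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    if body is not None:
        collector.feed(body.get_content())
    for href in collector.hrefs:
        host = urlsplit(href).hostname
        if in_domains(host, REDIRECTOR_DOMAINS):
            flags.append(f"link goes through redirector: {host}")
        elif not in_domains(host, OFFICIAL_DOMAINS):
            flags.append(f"link host not official: {host}")
    return flags

# Constructed sample: placeholder sender and tracking path, not the real campaign's values.
SAMPLE = """\
From: "1Password Watchtower" <alerts@notify.example>
Subject: Your password was found in a breach
Content-Type: text/html; charset="utf-8"

<a href="https://mandrillapp.com/track/click/0000/placeholder">Secure my account</a>
"""
```

Calling `red_flags(SAMPLE)` reports both the sender mismatch and the redirector link; a message from an allowlisted sender whose links stay on allowlisted hosts returns an empty list.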
👉 Read the original: Malwarebytes