You must log in or register to comment.
The highest commandment: don’t give your password. Ever.
No actual tech representative wants or needs your password, they simply will not ask for it.
The problem is that type of phishing is pretty much unheard of these days. You’re so much more likely to run into a fake Microsoft SSO page. I see these every day at work, and if you’re not checking the URL, it’s often identical.
So, the actual highest commandments are use MFA, read urls, and double check email senders.
Use pass keys (where possible); that mitigates the issues you describe
good enough to trick even the savvy
But not savvy enough to be still using last pass.
Ya know, that exact thought was in the back of my mind…
