PassPack defined an anti-phishing mechanism which allows you (yes you) make sure you are connected to PassPack, and not to a malicious copycat website.
PassPack’s anti-phishing solution is made up of three parts: a custom Welcome Message, IP recognition and hand-eye training.
Above, “gobble” is the User ID, and “do you always sound like a turkey?” is the Welcome Message
First and Foremost, Get Set Up
We’ll go over how the anti-phishing works in a moment, but first you might want to set up your personal Welcome Message. Just sign into your account as usual, click on the Security tab, then the Welcome Message link and follow the on screen instructions. It’s easy, read this article, or write me if you need help.
Now, onto how it works….
1. Personalized Welcome Message
You can decide how you want to be greeted when you sign in. This way you can make sure you’re connected to PassPack – and not to a look-alike, fraudulent website. You will see this every-time you sign in, so choose something that makes you smile, but also something that is personal to just you, maybe use some creative punctuation.
Unlike your Pass and Packing Key, you don’t have to remember this, you just have to recognize it when it’s shown to you. So have fun!
2. IP Recognition
To further enforce this, PassPack only shows the Welcome Message to certain IP address. An IP address identifies the internet connection with which your computer is connected to the internet. Usually, you will only have a few of these, and you can activate as many as need be. So even if the phisher takes your newly acquired User ID and Pass and tries to login to the real PassPack to read your welcome message – he won’t see it.
3. Hand Eye Training
Right after you sign in, and right before entering your Packing Key, you will see a rather ugly page with your Welcome Message, and eight squares, and a bunch of instructions.
Yes – we know it’s ugly, even a bit annoying, but that is precisely the point. You are forced to stop, look and find the black square to click on. While you are doing this, your eyes will get used to seeing your personal welcome message written above. You may not realize it, but you are training yourself. After a few days of using the Welcome Message screen, you will notice immediately if something changes.
How It All Works Together
Phishing is a technique of creating look-alike websites that trick you into inserting your User ID and Pass. But what phishers can’t do, is guess some zany greeting that you’ve set up for yourself, and is attached to your IP address. It becomes impossible to truly make a copycat site. And since you’ve trained yourself to notice as soon as something is different – you’ll notice a copycat site from a mile away.
I know what you’re thinking: “What’s the point if I have to sign in? If it were a phishing site then they’d get my User ID and Pass anyway.” Yes, they would. But not your Packing Key. Without your Packing Key, they can’t get your passwords. No two ways about it (more info about the Packing Key).
Some of you may be thinking, “But if they have my User ID and Pass, then they can sign in and see my Welcome Message and reproduce it back to me in their phishing site.” That’s why we’ve added IP recognition. An automated phishing system will not have the same IP address as you do, so even if they partially sign in to your account, they won’t see your Welcome Message, and therefore can’t copycat it.
They will be forced to show you the default (not personalized) message, or skip the ugly Welcome Message screen altogether in the hopes that you don’t notice – and that’s why we use hand eye training. So you do notice. So be alert, protect yourself.
What if you don’t see your Welcome Message?
First, don’t panic. Stop, and look and see if you are connected to https://www.passpack.com (be careful of artfully similar domains like passspack.com). If the domain is correct, it’s just a false alarm.
If the domain is not correct, do not type in your Packing Key (if you already have, continue following these instructions anyway). Now, open a new browser window, manually type in
https://www.passpack.com – stay calm, make sure you’re not mistyping – and sign in as usual with User ID, Pass and Packing Key.
Click the Account tab, then Pass. The screen that appears will allow you to change your Pass to something new and very different. Do that. And PLEASE remember to write down your new Pass.
Now you’re safe. The threat is gone.
If you are unable to complete the steps above, you should report an account theft immediately.
Can there be any false alarms?
Yes. If you don’t see your Welcome Message, it may also be that your IP address has changed. This is fairly normal, and may happen from time to time. If it happens frequently, you may simply select the “activate subnet mask” option in the Welcome Message section under the Security tab.
However, by following the steps above, you’ll have gone a little out of your way if it was just a false alarm – better safe than sorry.