Anti-Phishing Welcome Message

PassPack has defined an anti-phishing mechanism that lets you (yes, you) make sure you are connected to PassPack, and not to a malicious copycat website.

PassPack’s anti-phishing solution is made up of three parts: a custom Welcome Message, IP recognition and hand-eye training.

Anti-Phishing Welcome Message - Main screen
Above, “gobble” is the User ID, and “do you always sound like a turkey?” is the Welcome Message

First and Foremost, Get Set Up

We’ll go over how the anti-phishing works in a moment, but first you might want to set up your personal Welcome Message. Just sign into your account as usual, click on the Security tab, then the Welcome Message link, and follow the on-screen instructions. It’s easy; read this article, or write me if you need help.

Now, onto how it works….

1. Personalized Welcome Message

You can decide how you want to be greeted when you sign in. This way you can make sure you’re connected to PassPack – and not to a look-alike, fraudulent website. You will see this every time you sign in, so choose something that makes you smile, but also something that is personal to just you. Maybe use some creative punctuation.

Unlike your Pass and Packing Key, you don’t have to remember this, you just have to recognize it when it’s shown to you. So have fun!

2. IP Recognition

To further enforce this, PassPack only shows the Welcome Message to certain IP addresses. An IP address identifies the internet connection through which your computer is connected to the internet. Usually, you will only have a few of these, and you can activate as many as need be. So even if the phisher takes your newly acquired User ID and Pass and tries to log in to the real PassPack to read your Welcome Message – he won’t see it.

3. Hand Eye Training

Right after you sign in, and right before entering your Packing Key, you will see a rather ugly page with your Welcome Message, and eight squares, and a bunch of instructions.

Yes – we know it’s ugly, even a bit annoying, but that is precisely the point. You are forced to stop, look and find the black square to click on. While you are doing this, your eyes will get used to seeing your personal welcome message written above. You may not realize it, but you are training yourself. After a few days of using the Welcome Message screen, you will notice immediately if something changes.

How It All Works Together

Phishing is a technique of creating look-alike websites that trick you into inserting your User ID and Pass. But what phishers can’t do is guess some zany greeting that you’ve set up for yourself and that is attached to your IP address. It becomes impossible to truly make a copycat site. And since you’ve trained yourself to notice as soon as something is different – you’ll notice a copycat site from a mile away.

I know what you’re thinking: “What’s the point if I have to sign in? If it were a phishing site then they’d get my User ID and Pass anyway.” Yes, they would. But not your Packing Key. Without your Packing Key, they can’t get your passwords. No two ways about it (more info about the Packing Key).

Some of you may be thinking, “But if they have my User ID and Pass, then they can sign in and see my Welcome Message and reproduce it back to me in their phishing site.” That’s why we’ve added IP recognition. An automated phishing system will not have the same IP address as you do, so even if they partially sign in to your account, they won’t see your Welcome Message, and therefore can’t copycat it.

They will be forced to show you the default (not personalized) message, or skip the ugly Welcome Message screen altogether in the hopes that you don’t notice – and that’s why we use hand eye training. So you do notice. So be alert, protect yourself.

What if you don’t see your Welcome Message?

First, don’t panic. Stop, and look and see if you are connected to https://www.passpack.com (be careful of artfully similar domains like passspack.com). If the domain is correct, it’s just a false alarm.

If the domain is not correct, do not type in your Packing Key (if you already have, continue following these instructions anyway). Now, open a new browser window, manually type in https://www.passpack.com – stay calm, make sure you’re not mistyping – and sign in as usual with User ID, Pass and Packing Key.

Click the Account tab, then Pass. The screen that appears will allow you to change your Pass to something new and very different. Do that. And PLEASE remember to write down your new Pass.

Now you’re safe. The threat is gone.

If you are unable to complete the steps above, you should report an account theft immediately.

Can there be any false alarms?

Yes. If you don’t see your Welcome Message, it may also be that your IP address has changed. This is fairly normal, and may happen from time to time. If it happens frequently, you may simply select the “activate subnet mask” option in the Welcome Message section under the Security tab.

However, by following the steps above, you’ll have gone a little out of your way if it was just a false alarm – better safe than sorry.
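The IP recognition rule from section 2 and the “activate subnet mask” option above, sketched as server-side logic. This is an added example, not PassPack's code: the `Account` fields, the function names, the default greeting text, the /24 prefix width and the sample addresses are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

DEFAULT_MESSAGE = "Welcome to PassPack"  # constructed stand-in for the non-personalized greeting
ASSUMED_SUBNET_PREFIX = 24               # assumption: the page does not say how wide the subnet match is


@dataclass
class Account:                           # hypothetical record, not PassPack's schema
    user_id: str
    welcome_message: str
    activated_ips: set = field(default_factory=set)  # addresses activated while fully signed in
    subnet_mask_enabled: bool = False                # the "activate subnet mask" option


def ip_is_recognized(account, client_ip):
    """True if client_ip equals an activated IP, or shares its subnet when the option is on."""
    try:
        client = ipaddress.ip_address(client_ip)
    except ValueError:
        return False                     # unparseable source address: treat as unknown
    for stored in account.activated_ips:
        known = ipaddress.ip_address(stored)
        if client == known:
            return True
        if account.subnet_mask_enabled and client.version == known.version == 4:
            net = ipaddress.ip_network(f"{stored}/{ASSUMED_SUBNET_PREFIX}", strict=False)
            if client in net:
                return True
    return False


def message_after_partial_sign_in(account, client_ip):
    """Greeting shown once User ID + Pass are accepted, before the Packing Key is asked for."""
    if ip_is_recognized(account, client_ip):
        return account.welcome_message
    return DEFAULT_MESSAGE               # a relay holding stolen credentials only ever sees this


# Constructed sample data: the screenshot's User ID and message, documentation-range addresses.
gobble = Account("gobble", "do you always sound like a turkey?",
                 activated_ips={"203.0.113.25", "198.51.100.7"})
```

With the subnet option off, a user whose provider hands out a new address gets the default greeting (the false alarm described above); with it on, any address in the same block sees the personalized message, so the option trades fewer false alarms for a wider set of recognized addresses.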

Ready to get it set up?

Read this post for step by step instructions.


12 responses to “Anti-Phishing Welcome Message”

  1. Pingback: Three Online Password Managers Reviewed

  2. Pingback: PassPack, la gestion de vos accès en ligne | Szdavid's Blog

  3. What if I want to add two different IPs? One is my home IP and the other is my office IP, and I want both my IPs to show the same Welcome Message.

    How can I activate more than 1 IP?

  4. @sajidalimudassar
    Yes, you can do this.

    Go to your office, connect to your PassPack account, then follow the instructions here: http://tinyurl.com/38olnx

    Do the same at home.

    This will add both IP addresses to your account, and you should see the Welcome Message in both locations.

    If you need a hand, email me.

  5. Whenever I click on “Remember my username for a week”, the next time I access PassPack it does not re-require me to press the antiphishing squares. Isn’t that a vulnerability?

  6. Ignore my previous comment. I did not realize that the squares were antibot, and the welcome message was antiphishing.

  7. @Phillip

    Hello – yup, you got it. The welcome message itself is the anti-phishing. The squares are just there to make sure you stop and look.

  8. I made a Welcoming Message around 2-3 months ago. I haven’t been very active on this site so I haven’t logged on in about one month. Today I logged in and my Welcoming Message wasn’t there! Did Passpack delete it or is it a phishing website?

    It starts at : http://www.passpack.com/info/home/

    After clicking the “Already have an account? Sign In” thing it went to
    https://www.passpack.com/beta6/#0

  9. Pingback: Anti-Phishing Phriends « Passpack Blog
