The latest September 2022 version 22H2 update for Windows 11 includes a new feature designed to keep you even safer than before from phishing attacks: the practice of bad actors attempting to get you to reveal your usernames and passwords so they can log in rather than break in to your accounts.
These sneaky deceptions are usually carried out over email, but they don’t always have to be. Requests for your login details—made up to look like they’re from genuine, respected sources—can also arrive over instant messengers, social media platforms, and SMS texts (which is then known as smishing rather than phishing).
The new protections don’t need much in the way of setup or configuration—the idea is they just work when required. It’s still important to be aware of how they work, and how they keep you safe.
How Phishing Works
Phishing attacks often arrive over email.
Photograph: Silas Stein/Getty Images
Phishing has been going on for a long, long time and takes many different forms. What phishing scams all have in common, however, is that they try to get you to part with your username and password details for a particular account. This is typically done through some smart subterfuge to make it look as though you’re dealing with someone credible (at your bank, on a social media platform, or at your work) rather than a hacker.
For example, you might get an email that looks as though it’s from your credit card company and asks for changes to be made to your account: It would redirect you to a scam website mocked up to look authentic. Once you innocently log in with your normal details, they’re then in the hands of the phishers.
Or you might get an email purporting to be from your boss in the office several floors above you. It could ask you to log in to a particular company website (which again would be a fraudulent copy of the actual site), for instance, or it might ask you to simply email over a list of usernames and passwords as a matter of urgency.
Phishing attacks shape-shift to maximize their chances of success: They typically contain warnings and often put a time limit on responses (giving you less time to think about what you’re doing.) Recent scams focusing on the coronavirus pandemic involved emails that hid malevolent purposes behind health and safety information.
