Autofill on Google Amp phishing pages?

This may be a temporary problem, but I have seen reports of phishing pages using Google Amp. One of the safeguards I have relied on for years is using 1Password to autofill my credentials - if it doesn't autofill or present matching logins, I go into high alert mode. My question is regarding Google Amp pages, which have the same or similar domain name as the Google login domain name, will 1Password autofill (or present different login options if I have multiple Google accounts) for what is a phishing site for my Google credentials?


1Password Version: 6.7.1 (671001)
Extension Version: 4.6.6.90 (Chrome)
OS Version: macOS 10.12.5
Sync Type: Families

Comments

  • jxpx777
    jxpx777
    1Password Alumni

    1Password matches your Logins to the URL of the current page. So, as long as the phishing page isn't actually hosted at a google.com URL, it should not match any of your Google Logins. If you have a specific URL that you'd like us to review, please feel free to post it here or in a private message to me.

    --
    Jamie Phelps
    Code Wrangler @ AgileBits
    Fort Worth, Texas

  • jswright61
    jswright61
    Community Member

    Thanks - no specific url at this time - I was just interested in the domain matching algorithm with respect to Google Amp pages phishing for an actual google login page.

  • jxpx777
    jxpx777
    1Password Alumni

    :+1:

This discussion has been closed.