Phishing is when someone uses a fake email address, phone number, or social media account to trick you into giving away sensitive information like passwords and credit card numbers. In addition to keeping your passwords and data safe, Dashlane works to warn you when you might be in danger of getting phished.
We send alerts in several potentially risky situations depending on your device and your Dashlane plan.
|You get an alert if you...
|Friends & Family
|Team & Business
|Visit a fake website that looks like the Dashlane site
|Paste login info to a site that's not associated with that login in your Dashlane account
|Use Autofill in a potentially risky app
|Use Autofill on a site our machine-learning tool identifies as risky
Phishing alerts for fake Dashlane websites
This alert works in Chrome, Firefox, Edge, and Opera browsers.
We look actively for fake websites designed to look like the Dashlane website. If you ever click on a link for one of these scam websites, we send you to a warning page instead.
Select the checkbox on the warning page, and we'll automatically redirect you to our app if you click the same link again. Select Go to Dashlane to go immediately to the web app. You can also select the link to our blog to find resources for avoiding future scams.
Note: This phishing alert only works after you install the Dashlane extension in your browser and log in at least once. When you install the extension and log in, you download a list of websites we suspect are part of a scam. That way, we can warn you if you open any of these sites—even if you're not logged in to Dashlane.
If you want to report a phishing attack, you can get help through our support chatbot. Open the chatbot by selecting the Chat with bot icon, shown as a speech bubble, at the bottom of any Help Center page. In the chatbot, follow the prompts and enter a brief description.
Phishing alerts when copy-pasting login info
These alerts come with Dashlane Premium, Friends & Family, Team, and Business plans. These alerts don't come with Dashlane Free, Advanced, or Starter plans. The alert works in Chrome, Firefox, and Edge.
Dashlane autofills your saved logins on trusted websites as you browse the web. If we can't autofill your information, you can copy and paste your username and password from the Dashlane extension to the site you want to log in to.
With phishing alerts, we warn you if the site where you're pasting your login info isn't saved for that login in Dashlane. If you're sure you recognize the site, select Trust and paste, and we'll autofill your info. If not, select Don't trust or X and leave the site.
Note: The warning will show up only once for each website unless you log out of Dashlane and back in again. The warning doesn't appear if you refresh the page after copying your login information but should appear if you open a new page. The warning only works on HTTPS sites—not HTTP sites.
Phishing alerts on Android
Phishing alerts for apps on Android
Dashlane autofills your info when you log in to trusted Android apps. But we warn you if you're trying to autofill your info on a new app that looks potentially risky. We only show this warning if the app isn't already linked to the login in your Dashlane account.
You have two options when you see this warning:
- If you don't trust the app, select Cancel and search again for the app you want to log in to.
- If you trust the app, select Allow Autofill. If you don't want to see the warning again for this app, you can select Don't show me this again first.
Phishing alerts for websites on Android
These alerts come with Dashlane Premium, Friends & Family, Team, and Business plans. These alerts don't come with Dashlane Free, Advanced, or Starter plans.
When you open a trusted website on your Android device, Dashlane asks if you want to autofill your login information. If our machine-learning tool identifies a potential phishing risk, you'll see a warning in the place of the first login suggestion. The warning says either Moderate or High, depending on the level of risk.
What's machine learning? How does Dashlane's machine learning tool work?
Machine learning is when computers use data to improve at a certain type of task – like recognizing suspicious websites. A machine-learning program (or “model”) gets better at a defined task over time without needing specific instructions for every situation.
We've trained our machine-learning model to recognize phishing by analyzing known phishing websites as well as non-phishing sites. The model uses the characteristics of hundreds of thousands of sites to evaluate whether new and unfamiliar sites pose a phishing risk.
The machine-learning model runs locally on your device as part of the Dashlane app. The app sends data about new websites evaluated by the phishing tool to our servers. This data, which is used to improve the model, does not include customers’ personal information. The model needs to know whether specific sites are suspicious but not who visited those sites.
Our model will improve over time as we continue to train it using updated databases of known phishing websites and more data from legitimate websites.
The tool isn't perfect. Sometimes it marks safe websites as dangerous or fails to identify a dangerous site. Phishing alerts are a guide that you must decide to follow or ignore.
What do I do if I get a phishing alert on Android?
Select the warning to learn more about the risk. If you don't trust the site, select Go back and search again for the correct site. If you trust the site, select the checkbox for Don't warn me again on this website. Then select Go back and refresh the page to autofill your login information.
If you want to autofill your data directly, you can select View all logins instead of the warning. When you select a login from your vault, you'll see another warning pop-up. Check the address carefully. If you don't trust the site, select Don't trust and search again for the correct site. If you trust the site, select Trust and autofill.
Turn off phishing alerts on Android
- Select the three parallel lines to open the side menu of the Dashlane Android app.
- Select Settings and then General.
- Turn off the Phishing alerts setting.
Common questions about phishing
How can I spot a phishing attack?
Spotting a phishing attack can be difficult because the scammers try to disguise themselves as trusted sources.
You might get a message that looks like it's from a friend or your bank. People carrying out phishing attacks sometimes create an email address that's almost the same as the real email address of someone you trust. For example, you might get an email from firstname.lastname@example.org instead of an official Dashlane address like email@example.com.
Some phishing messages ask you to click a link to update your account information, verify a purchase, or reset your password. But the link leads to a fake website that looks like the real one. Scammers get access to any personal information you enter on the site.
Scammers might also ask you to download an attachment disguised as an invoice or an update to an app. But the attachment contains a program that gives the scammer access to information stored on your computer.
Other scams simply ask you to respond with your account details or credit card info.
What can I do to prevent phishing?
Phishing emails look like official emails or real messages from someone you know. So sometimes phishing is hard to spot. But you can protect yourself in several ways whenever you open an email.
Be wary of requests for personal information: Official organizations usually don't ask for information like passwords or social security numbers over email. Dashlane will never ask for this information in an email.
Check the sender's address: Scammers try to create email addresses similar to those of trusted sources, like banks or password managers. If you receive a message from Dashlane, make sure the sender is a Dashlane employee or one of these official email addresses:
Look for urgent or threatening language: Phishing emails use urgent language to get you to take immediate action. For example, they may claim your account will be closed unless you act immediately.
Look carefully at links and attachments: Make sure you know the email is legitimate before opening any links or attachments. Check links to make sure they go to the exact address of a real website.
Check the web address before entering your login details online: Only enter your Dashlane Master Password on our website. Log in through the Dashlane extension or go to dashlane.com and select Log in.
More steps to keep your account secure
2-factor authentication (2FA) is an added layer of prevention against phishing. Even if scammers have your login details, they can't get into your accounts without access to your mobile device when you have 2FA turned on.
If you think scammers have stolen your Dashlane Master Password or individual passwords, change any affected logins as soon as possible.
Want to make your passwords the best they can be? Check out our blog post on password hygiene
Want to further protect your account? Check out our blog post on how to prevent ransomware attacks
Phishing alerts for Dashlane Starter, Team, and Business plans
We know admins of Dashlane Starter, Team, and Business plans are especially concerned about the dangers of phishing. Phishing alerts help you intervene at critical moments to protect your organization from data breaches and financial losses without investing in expensive anti-malware solutions.
We immediately notify your employees when they visit a website that we suspect is part of a scam. That way, we prevent them from sharing sensitive information with people who want to harm your organization.
If your organization has a Team or Business plan, we also warn your members in two other situations:
- When they're using a computer browser and copy-and-paste a username or password to a site that isn't saved for that login in Dashlane
- When they're using an Android device and visit a site that our machine-learning tool identifies as a potential phishing risk
These alerts prompt employees to slow down and make sure they're entering their info on the right site.
When you launch Dashlane at your organization, phishing alerts require no extra setup and no activation on the part of your employees.
Want to know more about protecting your workplace from phishing scams?