Windows 11 just got a big upgrade to protect you from phishing attacks — here’s how it works

Windows 11 logo on a laptop screen
(Image credit: Shutterstock)

Falling victim to a phishing attack can be bad enough on its own, but hackers can take complete control of your PC if your Windows password falls into the wrong hands. This is why Microsoft is implementing a new phishing protection feature in Windows 11.

As reported by BleepingComputer, Microsoft is expanding Windows 11’s Enhanced Phishing Protection with a new feature that will warn users when they copy and paste their Windows password into both websites and documents.

The software giant first introduced its Enhanced Phishing protection feature back with the release of Windows 11 22H2, in order to protect users’ Windows credentials from being stolen by hackers. However, this security feature only warned users when they manually typed their Windows password into a document or a login page on a website.

While it’s highly recommended that you use one of the best password managers to securely store and autofill your passwords, many users still prefer to do things the old fashioned way by copying and pasting them from a list. Now though, Microsoft is adding copy and paste protection to its Windows Enhanced Phishing protection program. 

How to enable Enhanced Phishing Protection in Windows 11

Once enabled, this updated security feature will show a prompt about the dangers of password reuse when Windows 11 users copy and paste their Windows passwords into a document or on a website. 

As password reuse can allow hackers to gain access to your other accounts once they have one of your passwords, Microsoft now recommends that users change their local Windows account password once they’ve been found copying and pasting it. 

It’s worth noting that the company’s Phishing protection isn’t enabled by default in Windows 11 and you will need to turn it on manually for the extra protection it provides. This can be done by going to Windows Security > App & browser control > Reputation-based protection and then Phishing protection. Here, you’ll want to toggle the switch to on and add checkmarks to the other options below it.

According to BleepingComputer, Windows Enhanced Phishing Protection now works with Firefox and Excel — though it still doesn’t work with third-party note-taking apps like Notepad2 or Notepad++. 

If you manually enter your password to login into one of the best Windows laptops, you’ll be able to see these new warning messages when you copy and paste or type out your Windows password in documents or on webpages. However, if you use Windows Hello, the Windows 11 Phishing protection doesn’t work as you’re already using an extra layer of security in the form of a PIN or biometrics when logging into your computer.

Staying safe from phishing attacks on your Windows PC 

Fish hook on a keyboard

(Image credit: Shutterstock)

Even with Windows Enhanced Phishing Protection enabled, you still need to be on the lookout for phishing emails and attacks in order to stay safe online.

As such, you want to be really careful when opening emails from unknown senders while avoiding clicking on any links or attachments they may contain. If an email has a blank subject line or has one that looks suspicious, it’s best to just ignore it.

Another thing to look out for in phishing emails is a sense of urgency. Hackers and other cybercriminals often try to elicit an emotional response to get potential victims to respond to their messages. This is why you’re going to want to try and keep a clear head when going through your inbox as hackers will often trick you by providing a deadline you need to respond by or risk losing access to one of your accounts.

By following these tips and enabling Windows Enhanced Phishing Protection, you’re one step closer to staying safe from hackers. However, you should also install one of the best antivirus software suites on your computers just in case malware does manage to arrive on your PC via your inbox.

More from Tom's Guide

Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
A person typing on a computer while hackers use phishing to steal a file from their computer
Phishing: What is it, and how to avoid it
iPhone 15 Pro Max shown in hand
iMessage under attack from scammers sending phishing messages — don’t fall for it
Microsoft Edge open on a laptop with the browser's app listing page open on a smartphone in front of it
Microsoft Edge will soon protect you from these scary scams that even Chrome can't
Windows 11 logo on a laptop screen
I reviewed Windows 11, and these are the 5 new features I'm most excited about for 2025
A laptop on a windowsill in the middle of a Windows update
Microsoft is ending support for Windows 10 soon — 5 ways to make sure your PC is secure
A hacker typing quickly on a keyboard
Hackers can steal your accounts, and all it takes is a double-click — don’t fall for this new form of clickjacking
Latest in Online Security
A woman using her laptop securely with a cup of coffee in hand
5 common mistakes people make when shopping for antivirus software
Windows
240 million Windows 10 users are vulnerable to six different hacker exploits — protect yourself now
Victims of Identity Theft
FTC says Americans lost $12 billion to scams last year and these were the worst ones — here's how to stay safe
Apple iPhone 16 Plus Review.
Apple just released an emergency security update for a flaw used in an ‘extremely sophisticated attack’ — update your devices right now
A person trying to set up a new Wi-Fi router
Thousands of TP-Link routers have been infected by a botnet to spread malware
An image of a CAPTCHA
Hackers are using reCAPTCHA to trick users into infecting their own PCs with malware — how to stay safe
Latest in News
NYTimes Connections
NYT Connections today hints and answers — Monday, March 17 (#645)
iPhone 17 Air render
New leaked iPhone 17 dummy units show off super-thin iPhone 17 Air with this surprising design tweak
Simone Ashley and Hero Fiennes Tiffin in "Picture This" now streaming on Prime Video
Prime Video top 10 has 3 must-watch movies — including a bubbly romcom starring 'Bridgerton's' Simone Ashley
(L-R) Josh Hartnett as Cooper and Ariel Donoghue as Riley in "Trap"
Netflix top 10 movies — here’s the 3 worth watching right now
NYT Strands on a cellphone
NYT Strands today — hints, spangram and answers for game #379 (Monday, March 17 2025)
iOS 19 logo on an iPhone
Apple WWDC 2025: iOS 19 and everything we know so far